Tales from Crisis, Chapter 2: Backdoor’s first steps

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Tales from Crisis, Chapter 2: Backdoor’s first steps
Botnet Crisis
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 20 aug2012
Editor/Conference Osxreverser
Link http://reverse.put.as/2012/08/20/tales-from-crisis-chapter-2-backdoors-first-steps/ reverse.put.as (reverse.put.as Archive copy)
Author osxreverser
Type

Abstract

The first curious detail about the backdoor module (installed as /Users/USERNAME/Library/Preferences/jlc3V7we.app/IZsROY7X.-MP) is that no obfuscation/anti-debugging tricks are used (except one) so its analysis is easier than the dropper. It also uses Objective-C heavily, which is still a bit annoying in IDA but has the advantage of the code being very descriptive.

Bibtex

 @misc{osxreverser2012BFR1126,
   editor = {Osxreverser},
   author = {osxreverser},
   title = {Tales from Crisis, Chapter 2: Backdoor’s first steps},
   date = {20},
   month = Aug,
   year = {2012},
   howpublished = {\url{http://reverse.put.as/2012/08/20/tales-from-crisis-chapter-2-backdoors-first-steps/ reverse.put.as}},
 }