Friday, July 18, 2014

Dyre banker aka Win32/Win64 Battdil - Inside a related web panel

What I have learned over the years as a hobby malware analyst is whenever you think you are the first who discovered a new malware family, you can be sure at least a dozen people are already working on the threat. And I am not speaking about what you can later see in public...

As in the case of the recently discovered banker named Dyre this is no exception. While cleaning up my malware collection yesterday, I stumbled upon a malware threat which Anton Cherepanov and I briefly analyzed 3 months ago. After a quick search on the Internet, I realized that this sample which was first discovered by ESET and named Win32/Battdil.A respectively Win64/Battdil.A is the recently publicated threat named Dyre or Dyreza banker. You can read about this malware here:

http://phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/
https://www.csis.dk/en/csis/news/4262/
https://www.csis.dk/en/csis/blog/4318/
http://stopmalvertising.com/malware-reports/introduction-to-dyreza-the-banker-that-bypasses-ssl.html
http://stopmalvertising.com/malware-reports/analysis-of-dyreza-changes-network-traffic.html

Share: