《2020年拉美金融网络犯罪:犯罪分子共享TTPS - ESET(英文版)(19页).pdf》 was shared by a member and can be read online; for more related documents, search 三个皮匠报告.
LATAM FINANCIAL CYBERCRIME: COMPETITORS-IN-CRIME SHARING TTPS

ESET Research white papers

Authors: Jakub Souček, Martin Jirkal

TLP: WHITE

CONTENTS

ABSTRACT 2
INTRODUCTION 2
IMPLEMENTATION 3
Core of a typical Latin American banking trojan's implementation 3
Implementation detail similarities 4
String encryption and obfuscation 4
Common enemy: Protection software 4
Binary obfuscation 5
DISTRIBUTION 5
Typical Latin American banking trojan distribution chains 5
Sharing the chains 6
The first link in the chain 6
Script obfuscation 7
Targeted countries 7
EXECUTION 7
Method 1: Direct execution 8
Method 2: Using the AutoIt interpreter 8
Method 3: DLL side-loading 8
Method 4: DLL side-loading combined with injector 9
Legitimate applications being abused 9
FAKE POP-UP WINDOWS 10
MITRE ATT

both powerful binary obfuscation tools. Similarly, many of them globally switched their initial download method to using Windows Installer (MSI) over the period of just a few months. Finally, some TTPs seem to stay strongly rooted deep inside the region. These include heavily utilizing ZIP archives and using DLL side-loading as the favored execution method.

Even though sharing knowledge between cybercriminals is not unusual, seeing so many examples of it in region-specific malware families with the same focus caught our attention. Our presentation will cover all the common characteristics we have discovered and include a timeline illustrating the evolution of these banking trojans. We will draw conclusions about which families are most closely interlinked and how the modus operandi of Latin American banking trojans is different from banking trojans in the rest of the world.

INTRODUCTION

Dominating crimeware in the region, Latin Amer