lazarusholic

Everyday is lazarus.dayβ

Demystifying targeted malware used against Polish banks

2017-02-16, ESET
https://www.welivesecurity.com/2017/02/16/demystifying-targeted-malware-used-polish-banks/
#Wateringhole #Finance #BROU #CNBV #KNF

Contents

The purpose of this blog is to deliver technical details of an as-yet minimally documented malware that has made headlines in Poland.
Hot news about successful attacks on Polish banks appeared recently on the Polish security portal ZaufanaTrzeciaStrona.pl (translated in English here). The impact of the attacks was described dramatically with adjectives like “the most serious”. The initial reports were very recently supported by two blogposts by Symantec and BAE Systems. The list of affected institutions was also extended to Mexico and Uruguay, with even more high-profile targets located worldwide in the attackers’ viewfinder. There are many interesting aspects to these attacks, starting from the targets, moving on to the vector of compromise, right up to the specific features of the malicious executables used. While the first two aspects have been quite thoroughly examined so far, the malicious binaries involved haven’t received much attention. The purpose of …

IoC (SHA-1 hashes)

11568dffd6325ade217fbe49ce56a3ee5001cbcc
4f0d7a33d23d53c0eb8b34d102cdd660fc5323a2
50b4f9a8fa6803f0aabb6fd9374244af40c2ba4c
a107f1046f5224fdb3a5826fa6f940a981fe65a1
aa115e6587a535146b7493d6c02896a7d322879e
bedceafa2109139c793cb158cec9fa48f980ff2b
e45ca027635f904101683413dd58fbd64d602ebe
fa4f2e3f7c56210d1e380ec6d74a0b6dd776994b