Analysis of Command and Control of InfoStealer Malware

Our analysts disassembled an information-stealer malware sample purchased on cybercrime forums and reported on its command and control feature.

DeepCode received a request from a law enforcement organization to acquire, analyze and report on a popular infostealer malware sold on cybercrime forums. After purchasing an unobfuscated copy of the malware, our analysts set up a command and control server based on the seller's instructions and configured the appropriate virtual machines to simulate a compromise. Using Ghidra and OllyDbg, we analyzed the binary and its network traffic to identify the obfuscation techniques implemented and the commands and URLs used by the malware.

Do You Have a Similar Project? Contact Us to Get Started!