silversurfer

FireEye’s analysis of the Carbanak source code that emerged on VirusTotal recently found no use of new exploits. Their review of the code also verified previous assumptions on the group behind a series of cyberattacks that used the malware.

Associated with the financially-motivated threat actor FIN7, Carbanak is a full-featured backdoor that has been used in numerous attacks to steal millions of dollars. Recently, FireEye found two RAR archives on VirusTotal containing the malware’s source code, as well as other tools.

Analysis of the code revealed new details on the malware, but also confirmed what previous investigations had already discovered, such as an anti-virus evasion mechanism, authorship artifacts, exploits, and network-based indicators.
CARBANAK Week Part One: A Rare Occurrence
CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis
CARBANAK Week Part Three: Behind the CARBANAK Backdoor
CARBANAK Week Part Four: The CARBANAK Desktop Video Player