Credit to Author: hasherezade | Date: Thu, 09 Aug 2018 18:52:57 +0000
Process doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use in a dropper of the Osiris banking Trojan. We unpack the code to show how malware authors used this technique.
Tags: dropper, kronos, osiris, Osiris dropper, process doppleganging, trojan
The post Osiris dropper found using process doppelgänging appeared first on Malwarebytes Labs.