Malware Case Study - Secure Science Corporation
This document contains details of an exploratory case study that was conducted on a malware specimen. The trojan was found in the wild by members of the Mal-Aware Group, hosted on web servers located in the Ukraine and Russia, and existed among several gigabytes of data encoded with a proprietary algorithm.
There were nearly 10,000 individual files available, each containing between 70 bytes and 56 megabytes worth of stolen data that only criminals could read…until now.
The primary objective of this research was to decode the stolen data and enter it into IntelliFound, an innovative solution that specializes in returning illegally obtained confidential information to the appropriate organizations. A secondary objective was to discover and explain intimate details of the trojan, including but not limited to its anti-detection mechanisms, internal data structures, API hooking functions, and procedures for controlling the flow of data and communication across multiple threads.