Malware Types

1. Droppers

When a dropper is run, it extracts the second-stage file that it carries inside itself (typically in its resource section), writes it to disk, and then executes it.

Droppers are typically disguised as PDF, Word or Excel documents, tricking the user into opening what looks like a harmless file.

2. Downloaders

Downloaders work like droppers, except that the second stage is not carried inside the file but retrieved remotely from a server.

3. Keyloggers

As the name suggests, keyloggers log every keystroke, store the log in a file or in memory, and send it back to the attacker.

Many keyloggers exfiltrate the captured keystrokes by email or upload them via FTP, etc.

APIs to look out for in keyloggers

GetAsyncKeyState() - polls whether a given key is currently pressed
SetWindowsHookEx() - installs a hook (e.g. WH_KEYBOARD_LL) that receives every keystroke
GetForegroundWindow() - identifies the active window, so the log can say which application the keys went to

Info-Stealers

Info-stealers are similar to keyloggers in that they send your information back to the attacker. They usually come bundled with some kind of browser or password-stealing component.

Things to look out for in info-stealers

SQLite3 usage - browsers keep logins, cookies and history in SQLite databases
Firefox DLL usage - nss3.dll is needed to decrypt Firefox's stored logins
Calls to CryptUnprotectData() - DPAPI, used to decrypt the saved passwords of Chromium-based browsers
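The two indicator lists above (keylogger APIs and info-stealer markers) can be checked with a quick static pass over a sample before it is opened in a disassembler. The program below is an added example, not code from this page's author: it scans a byte buffer for each indicator both as ASCII and as UTF-16LE (Windows binaries often store DLL names and paths as wide strings, which an ASCII-only strings pass misses) and counts the hits. The SAMPLE buffer is constructed for the demonstration, and the spellings sqlite3_open and nss3.dll are assumptions about the concrete form the page's "SQLite3 usage" and "Firefox DLL usage" indicators take in a binary.

```c
#include <stdio.h>
#include <string.h>

/* Indicators taken from the two lists on this page. Matching on the bare
 * name also catches the A/W variants (SetWindowsHookExA/W). The
 * sqlite3_open and nss3.dll spellings are assumptions about how the
 * "SQLite3 usage" and "Firefox DLL usage" indicators appear in a binary. */
static const char *const KEYLOGGER_APIS[] = {
    "GetAsyncKeyState", "SetWindowsHookEx", "GetForegroundWindow",
};
static const char *const STEALER_MARKERS[] = {
    "sqlite3_open", "nss3.dll", "CryptUnprotectData",
};
#define N_KEYLOGGER (sizeof KEYLOGGER_APIS / sizeof KEYLOGGER_APIS[0])
#define N_STEALER   (sizeof STEALER_MARKERS / sizeof STEALER_MARKERS[0])

/* 1 if needle occurs in buf as a plain ASCII byte sequence. */
static int has_ascii(const unsigned char *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0)
            return 1;
    return 0;
}

/* 1 if needle occurs in buf as UTF-16LE (each ASCII char followed by a
 * zero byte), the encoding Windows binaries commonly use for DLL names. */
static int has_utf16le(const unsigned char *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m > 0 && i + 2 * m <= n; i++) {
        size_t j = 0;
        while (j < m && buf[i + 2 * j] == (unsigned char)needle[j]
                     && buf[i + 2 * j + 1] == 0)
            j++;
        if (j == m)
            return 1;
    }
    return 0;
}

static int count_hits(const unsigned char *buf, size_t n,
                      const char *const *inds, size_t k)
{
    int hits = 0;
    for (size_t i = 0; i < k; i++)
        if (has_ascii(buf, n, inds[i]) || has_utf16le(buf, n, inds[i]))
            hits++;
    return hits;
}

/* Number of keylogger indicators present in the buffer (0..3). */
int keylogger_hits(const unsigned char *buf, size_t n)
{
    return count_hits(buf, n, KEYLOGGER_APIS, N_KEYLOGGER);
}

/* Number of info-stealer indicators present in the buffer (0..3). */
int stealer_hits(const unsigned char *buf, size_t n)
{
    return count_hits(buf, n, STEALER_MARKERS, N_STEALER);
}

/* Constructed sample standing in for a slice of a suspicious binary:
 * ASCII import names plus nss3.dll stored as UTF-16LE. Not a real sample. */
const unsigned char SAMPLE[] =
    "\x90\x90" "GetAsyncKeyState" "\0" "SetWindowsHookExA" "\0"
    "sqlite3_open" "\0" "CryptUnprotectData" "\0"
    "n\0" "s\0" "s\0" "3\0" ".\0" "d\0" "l\0" "l\0" "\0\0";
const size_t SAMPLE_LEN = sizeof SAMPLE - 1;   /* drop the implicit terminator */

int main(void)
{
    printf("keylogger indicators: %d/%zu\n",
           keylogger_hits(SAMPLE, SAMPLE_LEN), N_KEYLOGGER);
    printf("info-stealer indicators: %d/%zu\n",
           stealer_hits(SAMPLE, SAMPLE_LEN), N_STEALER);
    return 0;
}
```

A hit count is a triage signal, not a verdict: accessibility tools and game overlays legitimately import SetWindowsHookEx, and any password manager calls CryptUnprotectData. What makes the combination suspicious is keystroke or credential access next to network or email exfiltration code in a binary that has no business doing either.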

4. Botnets

Botnet is short for robot network: a network of computers infected by malware that are under the control of a single attacking party, known as the "bot-herder" or "bot-master".

Common actions of a botnet
* Email spam
* DDoS attacks
* Financial breaches, etc.

Well-known botnets: Mirai, Satori, Cutwail and ZeroAccess

5. Bankers

Bankers are used to steal banking information, as the name suggests. They are extremely popular and common, just like info-stealers.

Bankers use many methods to steal this information, such as web injection and API hooking. API hooking lets the malware redirect a specific API so that its own code runs instead of (or before) the real function. For example, by hooking HttpSendRequest() the malware runs its own code every time the browser sends a request, and because this API is called with the request body before it is encrypted for the wire, the malware can read or alter the login data in plaintext.
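To make the hooking mechanism concrete, here is an added example (not code from this page or from any of the banker families it names) that simulates IAT hooking in portable C. The "browser" reaches its networking API only through a function-pointer slot, the way a PE reaches HttpSendRequest through its import address table; the "banker" overwrites that slot with its own function, copies the plaintext request body, then calls the saved original so nothing visibly breaks; the "defender" checks whether the slot still points at the genuine export. The host name bank.example, the function names and the integrity check are assumptions for illustration; a real hook would patch the actual IAT entry or the function prologue inside the browser process rather than a struct in the same program.

```c
#include <stdio.h>
#include <string.h>

/* Signature of the (simulated) networking API the browser calls. */
typedef int (*http_send_fn)(const char *host, const char *body);

/* Stand-in for the real HttpSendRequest export: pretends to send the
 * request and reports success. */
static int real_HttpSendRequest(const char *host, const char *body)
{
    (void)host; (void)body;
    return 1;
}

/* Simulated import address table: the "browser" never calls the API
 * directly, only through this slot, just as a PE reaches HttpSendRequest
 * through its IAT entry. Overwriting the slot redirects every call. */
static struct {
    http_send_fn HttpSendRequest;
} iat = { real_HttpSendRequest };

/* Browser code path: build the login form body and send it. The body is
 * still plaintext at this layer; TLS is applied beneath the API. */
int browser_login(const char *user, const char *pass)
{
    char body[128];
    snprintf(body, sizeof body, "user=%s&pass=%s", user, pass);
    return iat.HttpSendRequest("bank.example", body);   /* assumed host */
}

/* --- the banker's side --- */
static http_send_fn original_HttpSendRequest;   /* saved so calls still work */
static char stolen[256];                        /* captured request data */

static int hooked_HttpSendRequest(const char *host, const char *body)
{
    snprintf(stolen, sizeof stolen, "%s|%s", host, body);  /* intercept */
    return original_HttpSendRequest(host, body);           /* then pass through */
}

void install_hook(void)
{
    original_HttpSendRequest = iat.HttpSendRequest;
    iat.HttpSendRequest = hooked_HttpSendRequest;
}

void remove_hook(void)
{
    if (original_HttpSendRequest) {
        iat.HttpSendRequest = original_HttpSendRequest;
        original_HttpSendRequest = NULL;
    }
}

const char *stolen_data(void) { return stolen; }

/* --- the defender's side --- */
/* The check an integrity scanner performs: does the IAT slot still point
 * at the genuine export? A real tool resolves the expected address from
 * the on-disk module rather than from a compiled-in function pointer. */
int iat_slot_is_hooked(void)
{
    return iat.HttpSendRequest != real_HttpSendRequest;
}

int main(void)
{
    browser_login("alice", "hunter2");
    printf("before hook: hooked=%d stolen=\"%s\"\n", iat_slot_is_hooked(), stolen);
    install_hook();
    browser_login("alice", "hunter2");
    printf("after hook:  hooked=%d stolen=\"%s\"\n", iat_slot_is_hooked(), stolen);
    remove_hook();
    return 0;
}
```

The pass-through call to the original is the part that makes the attack hard to notice from the user's side: the login still succeeds and the browser shows no error. That is also why the detection check looks at the table entry rather than at whether requests work.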

Examples of bankers: Zeus, Danabot, Ramnit, etc.

6. Worms

Worms travel across a whole network on their own and need almost zero user interaction; they spread by exploiting vulnerabilities (for example EternalBlue).

Worms often carry a malicious payload in addition to the code that spreads them.
