This whitepaper is the first in a series of FortiGuard Technical Analyses that take an in-depth look at the inner workings of malware. In this paper we examine the malware known as Soraya. Soraya is notable in that it combines the form-grabbing techniques seen in the ubiquitous Zeus banking trojan with the memory-parsing techniques seen in Point of Sale (POS) malware such as Dexter and JackPOS.
In this report, we join Junior AV Analyst Hong Kei Chan in dissecting Soraya:
- How Soraya installs itself
- How Soraya grabs the contents of forms
- How Soraya parses its target's memory and exfiltrates that data
- How Soraya communicates with its Command and Control (C&C) server, with a look at its communication protocol and master control panel.
Please click the link below to access this whitepaper (free download, no registration required):