Write-Ups

Malware Analysis - Silly Putty

This piece of malware was one of the challenges in the TCM Practical Malware Analysis course. It is not a particularly complicated sample, but it reinforces the concepts and techniques from the first section of the course. Here is the context that is provided with this sample: Hello Analyst, The help desk has received a few calls from different IT admins regarding the attached program. They say that they’ve been using this program with no problems until recently.

MTA - Mike's Computer

Executive Summary

Impact

A user’s system has been infected with a malware family known as Dyreza, which can be used to do any of the following:

- Perform man-in-the-middle attacks via browser injections
- Monitor and take screenshots of browser activity
- Steal personal security certificates
- Steal online banking and other login credentials
- Track the affected user’s location (by discovering the victim’s public IP address through STUN, Session Traversal Utilities for NAT)

This malware is most commonly used by criminals to steal banking credentials from individual users rather than to attack large corporations.