Derusbi
Description
(Palo Alto) Derusbi is a backdoor Trojan believed to be used among a small group of attackers, which includes the Rancor group. This particular sample is a loader that loads an encrypted payload for its functionality. This DLL requires the loading executable to include a 32-byte key on the command line to be able to decrypt the embedded payload, which unfortunately we do not have. Even though we don’t have the decryption key or loader, we have uncovered some interesting artifacts.
Names
| Name |
|---|
| Derusbi |
| PHOTO |
Category
Malware
Type
- Backdoor
Information
- https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/
- http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf
- https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
70e712fe-753d-4fdb-9da3-4b760cab51ee
Last Card Change
2022-12-29