IOC Details

zeus gameover with necurs rootkit
OpenIOC1.0
 by @iocbucket
sha1:

633ac6cfd9833ecd0cf15402d3549c9350bcf986
short description:

zeus gameover with necurs rootkit
long description:

Recently the developers behind Zeus Gameover, the P2P (peer-to-peer) version of the infamous Zeus banker, introduced a kernel-mode rootkit known as Necurs to protect the binaries on the hard drive and in memory. Earlier versions of Zeus already employed a user-mode rootkit, which was dropped in version 2 due to its inefficiency. Instead, Zeus moved on to injecting its code into most processes. Gameover will first drop Necurs, installing the kernel driver as a service, and then attempt to inject itself into other processes. The dropper contains a 32-bit and a 64-bit version of the kernel driver.