Botconf Author Listing

Alessandro Strino

Last known affiliation: Cleafy
Bio: Alessandro Strino has a solid background in Penetration testing, and modern malware analysis. His main research topics are binaries and computer forensics. Nevertheless, he is passionate about binary exploitation, boot-to-root CTFs, and privileges escalation techniques. He now works as a malware analyst at Cleafy.
Date: 2023-04-13
Operation drIBAN: insight from modern banking frauds behind Ramnit
Federico Valentini 🗣 | Alessandro Strino 🗣

Abstract (click to view)

During the last three years, we have tracked and closely analyzed a specific TA, intending to infect Windows workstations on corporate environments trying to alter legitimate banking transfers performed by the victims. The main technique leveraged was the Automated Transfer System (ATS), enabled via custom web injects for changing the beneficiary and transferring money to an illegitimate bank account (money mule) controlled by themself or affiliates, which is then responsible for handling and laundering the stolen funds. The critical component behind those fraud operations was one of the most advanced banking trojans, Ramnit.

Even if Ramnit has already been described in the literature, because of our forefront position, it was possible to understand TA behavior deeply and reconstruct the whole infection chain that goes through the initial malspam campaign, an accurate selection of victims during the botnet construction, the Automatic Transfer System (ATS) technique for cash-out through wire transfers, and the final money laundering.

Slides Icon
Scroll to Top