Threat Research

Soraya: the Worst of Both Worlds

By Richard Henderson | July 14, 2014

This whitepaper is the first of a series of FortiGuard Technical Analyses that go in-depth into the inner workings of malware. In this paper we take a look at the malware known as Soraya. Soraya is unique in that it combines the form-grabbing techniques seen in the ubiquitous Zeus and the memory-parsing techniques seen in Point of Sale (POS) malware such as Dexter and JackPOS.

In this report, we join Junior AV Analyst Hong Kei Chan in dissecting Soraya:

  • How Soraya installs itself
  • How Soraya grabs the contents of forms
  • How Soraya parses its target's memory and exfiltrates that data
  • A look at Soraya's Command and Control (C&C) communication protocols and its master control panel.

Please click the link below to access this whitepaper (free download, no registration required):

Soraya: the Worst of Both Worlds

Join the Discussion