Infection usually starts with a click on an email attachment. Some attacks will try to ransom you by encrypting your data. Others will try to be discreet and focus on stealing your credentials.
As fighting malware often starts with understanding what it does, this presentation shows how, with a bit of method, free tools and time, we can analyse a credential-stealing malware, extract some indicators of compromise and understand the techniques used by the attackers to avoid detection and slow down the analysis.
FAN has been working as an IT Security expert for the last 9 years, mostly on governmental systems. His main areas of interest include network security, cryptography integration and forensics. He is the main author of the cryptobourrin blog.