A hard look at BBTok

NetmanageIT OpenCTI - opencti.netmanageit.com

A hard look at BBTok



SUMMARY :

This analysis dissects the infection chain of BBTok, a Brazilian-targeted threat. The malware utilizes an ISO image containing a shortcut file and various components. It employs the Microsoft Build Engine to compile and execute malicious C# code on the victim's machine. The core component, Trammy.dll, is obfuscated using ConfuserEx and utilizes AppDomain Manager Injection for execution. The malware creates a log file, gathers system information, and establishes persistence through scheduled tasks and service creation. It downloads additional components, including CCProxy for traffic manipulation, and a Delphi payload. The attack specifically targets Brazilian IP addresses and employs evasion techniques to avoid detection.

OPENCTI LABELS :

bbtok


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


A hard look at BBTok