Michael Sikorski | FireEye

Published: 25.04.2019

Talk title: The Carbanak Juxtaposition


It is unusual for FireEye's FLARE Team to reverse engineer a popular and privately-developed backdoor only to later have access to the source code and operator tools. Yet this is what happened to us with FIN7's notorious Carbanak backdoor.

One analyst reversed the challenging Carbanak binary; a year later, another analyst analyzed 100,000 lines of Carbanak source code. The findings range across numerous perspectives, including Russian language translations, anti-reverse engineering, AV detection and evasions, the backdoor build process, active and disabled capabilities, and author characterization.

In this talk, I'll share not only these findings, but also my view as a team leader, the large industry response to this release, and even something we missed!

This juxtaposition between two team members is special: one with the malware source code and one without. I'd prefer the binary. What will you choose?

Biography: Michael Sikorski

Michael Sikorski is the Senior Director and Founder of the FireEye Labs Advanced Reverse Engineering (FLARE) Team. He leads the team through his extensive experience in reverse engineering malware. He provides oversight to all research projects and manages the analysis process used by the team. Mike created a series of courses in malware analysis and teaches them to a variety of audiences including the FBI, NSA, and Black Hat. He is the co-author of the book "Practical Malware Analysis," which is published by No Starch Press. Mike came to FireEye through its acquisition of Mandiant, where he worked for seven years. Prior to Mandiant, he worked for MIT Lincoln Laboratory and the National Security Agency. Mike is also an Adjunct Assistant Professor at Columbia University's Department of Computer Science.