Analysis of PoSeidon downloader and keylogger


In this post I analyze a sample of Poseidon (sample: 1b7f205b663af9a6eb44f18555bdaad86e0fa58f3a9e4aced3e2ae1e3ed472b5, you can read about it here). The original sample is a downloader. It is working, and there are online and working CnCs in the list of CnCs that the sample carries. However the malware could be failing to download the second stage executable (the keylogger) because of a bug in the downloader.

Continue reading