
Retefe (87b69cb4-8b65-47ee-91b0-9b1decdd5c5c)

Retefe is a banking trojan distributed by what SWITCH CERT calls the Retefe gang or Operation Emmental. It uses geolocation-based targeting. It also installs a fake root certificate and changes the DNS server used for domain name resolution in order to display fake banking websites to victims. It is spread primarily through malspam emails.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|-----------|----------|-----------|----------|-------|
| Retefe (Android) (22ef1e56-7778-41d1-9b2b-737aa5bf9777) | Malpedia | Retefe (87b69cb4-8b65-47ee-91b0-9b1decdd5c5c) | Banker | 1 |
| Dok (80acc956-d418-42e3-bddf-078695a01289) | Malpedia | Retefe (87b69cb4-8b65-47ee-91b0-9b1decdd5c5c) | Banker | 1 |