Karius (a088c428-d0bb-49c8-9ed7-dcced0c74754)
Trojan that is under development and is already being distributed through the RIG Exploit Kit. Its code shows similarities with other well-known bankers such as Ramnit, Vawtrak and TrickBot. Karius works in a rather traditional fashion, like other banking malware, and consists of three components (injector32\64.exe, proxy32\64.dll and mod32\64.dll). These components essentially work together to deploy webinjects in several browsers.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Karius (a088c428-d0bb-49c8-9ed7-dcced0c74754) | Banker | Karius (8a01c3be-17b7-4e5a-b0b2-6c1f5ccb82cf) | Malpedia | 1 |