Carbanak and the Exploitation of Rundll32.exe: A Technical Analysis of Living-off-the-Land Tactics
The Carbanak cybercrime group, notorious for targeting financial institutions, has long relied on the abuse of legitimate Windows system tools to evade detection. Among these, rundll32.exe, a core Windows component for executing Dynamic Link Library (DLL) functions, has been weaponized to facilitate stealthy attacks. This article explores Carbanak’s exploitation of rundll32.exe and places it in the context of broader malware activity, including MontysThree, Poison Ivy (PIVY), and recent Chinese state-linked threat actors, to dissect the technical nuances of Living-off-the-Land (LotL) strategies. ...