VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
2022-04-09

Writing this introduction for the Platform 4.5.0 release has been a thrill, considering its incredible content. Yet, it wasn’t an easy task. How can you find a common theme for a release that includes two new, yet different, major capabilities? One, a breakthrough in phishing detection using Machine Learning. Two,

Editor’s Note: This post was updated on February 6, 2018. Editor’s Note: This post was updated on October 16, 2019. VM Detection – Passing the Pafish Test Paranoid Fish (pafish) is a tool for detecting malware analysis environments, replicating what malware will do in the wild to detect if it
2022-03-29

The Main Concepts of AI and Machine Learning: An Overview By Martin Rupp Blog Series 1: Machine Learning and Cyber Security: An Introduction Blog Series 1: Machine Learning and Cyber Security: An Introduction The WEF forecasts the global value of AI in cyber security to grow up to 46 billion

2022-03-04

Blog Series The Main Concepts of AI and Machine Learning Why do we need Machine Learning in Cybersecurity, and how can it help? Data: The fuel that powers Machine Learning AI is everywhere. Its usage is most often connected with virtual assistants such as Cortana or Siri for example or

2022-02-28

Updated on: 2024-12-02 Smoke Loader is a malware downloader that is capable of downloading and deploying other payloads or additional plugins. Its plugins offer functionality related to credentials and cookie stealing , DDoS, or remote access. Smoke Loader has been used to download various threats and secondary payloads like the

2022-02-11

Sing Malware Sandboxes for Initial Triage and Incident Response By Koen Van Impe Learn from this practical case study how VMRay Analyzer helped with getting an accurate and noise-free analysis for initial triage and obtaining the relevant indicators of compromise for faster incident response. Computer security is a fast moving

2022-02-02

Emotet’s Use of Cryptography Presented by the VMRay Labs Team The group behind Emotet is the prime example of a very successful criminal enterprise. Emotet started out as a banking malware but over time evolved into a large botnet providing something akin to a malicious IaaS (Infrastructure-as-a-Service). It started providing

2022-01-18

Basic Automation with the VMRay API By Koen Van Impe Learn more about integrating VMRay Analyzer in different areas of your organizations and how to use its API to automate the submission and processing of the analysis of malware. According to a report from Honeywell the use of USB removable

2022-01-06

XLoader’ Cross-platform Support Utilizing XBinder From the VMRay Labs Team Introduction Lately, a rebranded version of the stealer FormBook named XLoader has emerged. In contrast to FormBook, which targets Windows only, XLoader supports macOS as well. During our research, we observed Office documents, which exploit vulnerabilities in MS Office products,

2022-01-05

Phishing Kit Kuzuluy Impersonating Paypal In this Malware Analysis Spotlight, we will take a look at a phishing kit related to Kuzuluy, also known as KuzuluyArt. According to Twitter user MaelSecurity, there was a Phishing-as-a-Service associated with Kuzuluy impersonating PayPal in late 2019. At the time of our research, the

2021-12-17

Investigating Cyber Incidents Using the Security Stack By Kenneth Vignali, Incident Response Expert As a seasoned digital forensic and incident responder, I have come to appreciate the value of certain logs from parts of an organization’s security stack. Before investigating any cyber incident, it is extremely critical to ensure that

2021-11-26

About a decade ago, in the good old “just SIEM it” days, the SOC was typically measured on quantity – the number of alerts validated, number of investigations escalated, number of infections mitigated, and so on. The challenges were how to make the SIEM work better – aggregation of events,

Executive Summary The ongoing shift to cloud-based offerings – SaaS, IaaS and PaaS – provides major advantages to customers. These include fast deployments, a modern & effective environment and enhanced security capabilities that traditional IT organizations cannot deliver on their own, due to high investment costs, fast-changing technology and gaps

2021-11-03
Expanded Alliance Extends Distribution Agreement with Ingram Micro for Fast-Growing Provider of Malware Analysis and Detection Solutions Boston, MA – March 3, 2021 – VMRay, a provider of automated malware analysis and detection solutions, today announced it has expanded its strategic alliance with Ingram Micro Inc., the world’s largest distributor
2021-10-20

In this Malware Analysis Spotlight, we are investigating a variant of the phishing kit created by Xbalti. Originally, there were two phishing kits developed by Xbalti. The first one is targeting Chase Bank customers, while the other one, which is the topic of this spotlight is targeting Japanese Amazon customers.

2021-10-12

For organizations of all sizes, cyber attacks are not a matter of if, but when. Given that an organization is going to experience security incidents, attacks and even breaches, a cyber incident response team and plan is critical. In a sophisticated threat landscape, what are the key considerations to building

2021-09-28

As the cyber-threat landscape evolves and data breaches become more common, incident response has become more critical than ever. A CSIRT (Computer Security Incident Response Team) is a body of people assigned with the responsibility of responding to and minimizing the impact of any incidents that affect the organization. This

2021-09-21

Introduction – Sign In To Continue Engineers have put a lot of work into making today’s websites effortless to browse. When we browse the web, we typically reach the function of a website we want without ever thinking about what we need to click. Websites present their options clearly, and

2021-09-16

When it comes to incident response, the quicker a business deals with the threat, the better. It’s not just about being able to respond in a timely manner, it’s also about having the right persons and plan in place to deal with the event effectively. How to Build An Effective

2021-09-13

VMRay Now Defends your Business and Brand with ETD In case you missed it, the world of cybersecurity changed over the last six months. McKinsey put it politely this way in a recent report: security teams “must no longer be seen as a barrier to growth but rather become recognized

2021-08-19

Today, organizations of all sizes now become targets of cyber threats. There is always the ominous risk that cybercriminals can gain access to an organization’s network – which is still, despite all efforts of moving data to the cloud, the central backbone of many organizations’ infrastructure. Once an attacker is

2021-08-12

Introduction In this Malware Analysis Spotlight, we will take a look at a phishing attempt targeting customers of the popular US-based bank Chase. We discovered the URL of the phishing page at the end of March 2021 and found several similar pages. The phishing page uses JQuery and Ajax to

2021-07-28

Introduction In this Malware Analysis Spotlight, we’ll share our research about a phishing kit that was used at the end of March to steal banking information of Polish users of the OnLine eXchange (OLX) trading platform. We are referring to the phishing kit as Blackhat_Coder based on the Telegram user

2021-07-28

Introduction In this Malware Analysis Spotlight, we’ll share our research about a phishing kit that was used at the end of March to steal banking information of Polish users of the OnLine eXchange (OLX) trading platform. We are referring to the phishing kit as Blackhat_Coder based on the Telegram user

2021-07-20

Hancitor can be grouped into the category of downloaders that are often responsible for delivering further malware families into a compromised network. Recently, it has been observed delivering the Ficker Stealer, Cobalt Strike, and the Cuba ransomware among others. It is usually distributed to the victim via malicious spam campaigns

2021-05-11

Agent Tesla is a spyware that has been around since 2014. It’s in active development, constantly being updated and improved with new features, obfuscation, and encryption methods. The malware is sold as a service with a relatively cheap licensing model, which makes it particularly easy to use and can explain

2021-05-04
This blog post introduces VMRay’s novel technique for TLS traffic decryption, which is implemented in the hypervisor, without any modifications to the virtual machine. This approach doesn’t modify the traffic like Man-in-the-Middle-based decryption that sandboxes typically use and doesn’t come with the restrictions of API hooking-based solutions. Background – Why

With the release of version 4.0 last year, the VMRay Platform took a huge leap forward and further solidified itself as the preeminent software for SOC and CERT teams that need automated analysis and detection of advanced threats. Version 4.1 further rounded out the offering with incremental yet significant enhancements,

2021-03-24
In this Malware Analysis Spotlight, we will assume the role of a threat researcher tasked with analyzing, categorizing, and classifying an unknown malicious sample. We will analyze the unknown sample in a malware sandbox to jumpstart the process. Our unknown sample in this Spotlight is the information stealer, Raccoon (also
2021-02-23
When malware source code is leaked into the wild, opportunistic malware authors will often be quick to analyze and repurpose the code to create new variants of their own malware, providing another avenue for them to escape detection. This post, condensed from a SANS webcast featuring SANS Analyst Jake Williams
Vmray threatfeed

Latest Malware Analysis Reports

Get The Latest Update

Subscribe to our newsletter

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Days
Hours
Minutes
Seconds

Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!