Category: Malware Analysis

2021-07-28

Introduction In this Malware Analysis Spotlight, we’ll share our research about a phishing kit that was used at the end of March to steal banking information of Polish users of the OnLine eXchange (OLX) trading platform. We are referring to the phishing kit as Blackhat_Coder based on the Telegram user

2021-07-20

Hancitor can be grouped into the category of downloaders that are often responsible for delivering further malware families into a compromised network. Recently, it has been observed delivering the Ficker Stealer, Cobalt Strike, and the Cuba ransomware among others. It is usually distributed to the victim via malicious spam campaigns

2021-05-11

Agent Tesla is a spyware that has been around since 2014. It’s in active development, constantly being updated and improved with new features, obfuscation, and encryption methods. The malware is sold as a service with a relatively cheap licensing model, which makes it particularly easy to use and can explain

2021-03-24
In this Malware Analysis Spotlight, we will assume the role of a threat researcher tasked with analyzing, categorizing, and classifying an unknown malicious sample. We will analyze the unknown sample in a malware sandbox to jumpstart the process. Our unknown sample in this Spotlight is the information stealer, Raccoon (also
2021-02-23
When malware source code is leaked into the wild, opportunistic malware authors will often be quick to analyze and repurpose the code to create new variants of their own malware, providing another avenue for them to escape detection. This post, condensed from a SANS webcast featuring SANS Analyst Jake Williams
2021-02-04
Recently, Google’s Threat Analysis Group published a blog post about a campaign targeting security researchers, which they attribute to an entity backed by the North Korean government. Using social engineering the attackers try to convince victims to download and open a Visual Studio Project file. This file contains commands that
2021-01-17

Introduction to SocialPhish – An Open-Source Phishing Toolkit In the following Malware Analysis Spotlight, we will take a look at phishing campaigns that are likely generated by abusing an open-source phishing toolkit – SocialPhish. SocialPhish’s README states that at least some of its phishing templates were generated by SocialFish (another

2021-01-14
This week the team at SentinelLabs released an in-depth analysis of macOS.OSAMiner, a Monero mining trojan infecting macOS users since 2015. The authors of macOS.OSAMiner used run-only AppleScripts which made attempts at further analysis more difficult. In 2020, the SentinelLabs Team discovered that the malware authors were evolving their evasion
2020-12-15
In this Malware Analysis Spotlight, we analyze the Berserker variant of Hentai Oniichan Ransomware. We’ve observed at least two different variants of Hentai Oniichan Ransomware in-the-wild, King Engine, and Berserker. What we found interesting in our analysis of the Berserker variant is its attempts to make recovery difficult by deleting
2020-11-18
Earlier this year, in one of our blog posts we covered GuLoader, a downloader outfitted with advanced anti-analysis techniques that has delivered FormBook, NanoCore, LokiBot, and Remcos among others. Recently, we’ve observed GuLoader delivering AZORult. Active for many years, AZORult is an information stealer that has seen many iterations and

Uncover the truth of Cybersecurity, one story at a time

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter

Days
Hours
Minutes
Seconds

Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!