ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Malware Analysis

Threat Bulletin: Exploring the Differences and Similarities of Agent Tesla v2 & v3

Agent Tesla is a spyware that has been around since 2014. It’s in active development, constantly being updated and improved with new features, obfuscation, and encryption methods. The malware is sold as a service with a relatively cheap licensing model, which makes it particularly easy to use and can explain

Read More

Malware Classification Case Study: Raccoon Stealer

In this Malware Analysis Spotlight, we will assume the role of a threat researcher tasked with analyzing, categorizing, and classifying an unknown malicious sample. We will analyze the unknown sample in a malware sandbox to jumpstart the process. Our unknown sample in this Spotlight is the information stealer, Raccoon (also
Read More

[SANS Webcast Recap] When Malware Source Code Leaks: Challenges & Solutions for Tracking New Variants

When malware source code is leaked into the wild, opportunistic malware authors will often be quick to analyze and repurpose the code to create new variants of their own malware, providing another avenue for them to escape detection. This post, condensed from a SANS webcast featuring SANS Analyst Jake Williams
Read More

Analyzing a DLL in a Sandbox: Speeding up Analysis of an APT Implant

Recently, Google’s Threat Analysis Group published a blog post about a campaign targeting security researchers, which they attribute to an entity backed by the North Korean government. Using social engineering the attackers try to convince victims to download and open a Visual Studio Project file. This file contains commands that
Read More

Malware Analysis Spotlight: SocialPhish (and its Anti-Social Usage of Phishing Templates)

Introduction to SocialPhish – An Open-Source Phishing Toolkit In the following Malware Analysis Spotlight, we will take a look at phishing campaigns that are likely generated by abusing an open-source phishing toolkit – SocialPhish. SocialPhish’s README states that at least some of its phishing templates were generated by SocialFish (another

Read More

Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection

This week the team at SentinelLabs released an in-depth analysis of macOS.OSAMiner, a Monero mining trojan infecting macOS users since 2015. The authors of macOS.OSAMiner used run-only AppleScripts which made attempts at further analysis more difficult. In 2020, the SentinelLabs Team discovered that the malware authors were evolving their evasion
Read More

Malware Analysis Spotlight – Hentai Oniichan Ransomware (Berserker Variant)

In this Malware Analysis Spotlight, we analyze the Berserker variant of Hentai Oniichan Ransomware. We’ve observed at least two different variants of Hentai Oniichan Ransomware in-the-wild, King Engine, and Berserker. What we found interesting in our analysis of the Berserker variant is its attempts to make recovery difficult by deleting
Read More

Malware Analysis Spotlight: AZORult Delivered by GuLoader

Earlier this year, in one of our blog posts we covered GuLoader, a downloader outfitted with advanced anti-analysis techniques that has delivered FormBook, NanoCore, LokiBot, and Remcos among others. Recently, we’ve observed GuLoader delivering AZORult. Active for many years, AZORult is an information stealer that has seen many iterations and
Read More

Malware Analysis Spotlight: Warzone RAT – Automatically Peeling Away the Layers

10/21/2020: The classification of the malware in this Threat Spotlight has been corrected from “Ave_Maria” to “Warzone RAT”. The source of the distinctive “Ave_Maria” substring can be attributed to the open-source TinyNuke malware, which was reused in some Warzone RAT samples. In TinyNuke the string “AVE_MARIA” is transmitted in the
Read More

[SANS Webcast Recap] Power! Unlimited Power! Understanding the Techniques of Malicious Kernel-Mode Code

Kernel-mode malware is among the most difficult to detect and remove. In this post—condensed from a SANS webcast featuring SANS analyst Jake Williams and VMRay Sr. Threat Researcher Tamas Boczan present an introduction into kernel-mode rootkits, explaining why attackers use them, how they bypass mitigations built into Windows and break
Read More

Uncover the truth of Cybersecurity, one story at a time

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2024 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay