ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Category: Malware Analysis

2020-10-19

Malware Analysis Spotlight: Warzone RAT – Automatically Peeling Away the Layers

10/21/2020: The classification of the malware in this Threat Spotlight has been corrected from “Ave_Maria” to “Warzone RAT”. The source of the distinctive “Ave_Maria” substring can be attributed to the open-source TinyNuke malware, which was reused in some Warzone RAT samples. In TinyNuke the string “AVE_MARIA” is transmitted in the
Read More
2020-10-06

[SANS Webcast Recap] Power! Unlimited Power! Understanding the Techniques of Malicious Kernel-Mode Code

Kernel-mode malware is among the most difficult to detect and remove. In this post—condensed from a SANS webcast featuring SANS analyst Jake Williams and VMRay Sr. Threat Researcher Tamas Boczan present an introduction into kernel-mode rootkits, explaining why attackers use them, how they bypass mitigations built into Windows and break
Read More
2020-10-01

Malware Analysis Spotlight: Formbook (September 2020)

A Fresh Look at an Old Problem Formbook is a well-known malware family of data stealers and form grabbers. Sold as “malware-as-a-service” on hacking forums since early 2016, anyone so inclined can purchase a subscription and use the Formbook tool. It is usually distributed using malspam containing malicious attachments and
Read More
2020-09-15

Malware Analysis Spotlight: Qbot’s Delivery Method

The Re-Emergence of Qbot After more than a decade in operation, the Qbot Trojan is back in the news. A modified version of the malware which now extracts email threads from Outlook to use in phishing attacks was used in a prominent campaign that ran from March to the end
Read More
2020-08-20

Threat Bulletin: WastedLocker Ransomware

Targeted ransomware is a common occurrence nowadays. Recently Garmin confirmed to have been the target of a ransomware attack on July 23, 2020, which led to the interruption of many of their online services. According to Bleeping Computer, the ransomware has been confirmed to be WastedLocker. The article goes on
Read More
2020-08-17

SANS Webcast Recap: Defense Against Dark Arts – Dissecting Sandbox Evasion Techniques

If you are of a certain age, you might remember Mad Magazine’s satirical Spy v. Spy comic strip in which two agents – one dressed completely in white and the other in black – would try and outwit and annihilate each other on a weekly basis. Malware authors and the
Read More
2020-08-11

Malware Analysis Spotlight: MassLogger’s Noisy Stealing Attempts

In this Malware Analysis Spotlight, the VMRay Labs Team will examine MassLogger, a Spyware/Stealer that was first publicly observed in-the-wild at the end of April. During our analysis, we monitored a significant amount of behavioral matches for techniques that MassLogger uses to discover the host machine and to steal sensitive
Read More
2020-07-22

Malware Analysis Spotlight: The Return of Emotet

After a long time of being inactive, the infamous malware delivery framework Emotet is back – the three Emotet botnets started pushing malicious spam on Friday, July 17. In this Malware Analysis Spotlight, we will take a look at one of the Microsoft Word documents used in the campaign (Figure
Read More
2020-07-09

Threat Bulletin: Dissecting GuLoader’s Evasion Techniques

Editor’s Note: This blog post was updated on August 10, 2020. Over the last couple of months, we observed a new downloader called GuLoader (also known as CloudEyE) that has been actively distributed in 2020. In contrast to prototypical downloaders, GuLoader is known to use popular cloud services such as
Read More
2020-07-01

Threat Bulletin: Cutting-off the Command-and-Control Infrastructure of CollectorGoomba

A Primer on Spyware-as-a-Service The rise in spyware-as-a-service allows cyber-criminals to choose a specialty, whether improving spyware, infecting users, or maximizing the profit derived from stolen information. The business model for spyware-as-a-service starts with an individual or team to developing the initial spyware and standing up any necessary infrastructure that
Read More

Uncover the truth of Cybersecurity, one story at a time

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2024 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay
Days
Hours
Minutes
Seconds

Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!

Watch Now