VIEW VMRAY’S ANALYSIS REPORT Overview Latrodectus was first discovered by researchers in October 2023 and has been in heavy development ever since. The malware works mainly as a loader/downloader. Latrodectus has strong ties with the former, infamous loader IcedID, which was taken down in May 2024, thanks to the
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In September 2024, the
Over the last 10-12 years, EDR solutions have become a mainstay in endpoint defense. The reason for the dramatic adoption of EDR solutions was because Anti-Virus (AV) solutions at the time were (and still are) unable to detect a new wave of undetectable threats. Document-based attacks with macro’s and fileless
In any other IT technology solution, from productivity suites, CRM, or financial applications, product suites are a logical way forward. Single source of vendor provides vendor consolidation, savings on cost, support, and maintenance requirements. It makes perfect sense. However, very few organizations have been compromised based on their buying decision
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In August 2024, the
Introduction The first quarters of 2024 have been nothing short of dynamic, with three impactful releases! We hope you’ve enjoyed the features delivered in recent months, including the simplified integration with the built-in SentinelOne connector, support for MITRE ATT&CK® v14.1, and two new file analysis environments for our dear FinalVerdict
Latrodectus updates to version 1.4 with AES-256 string encryption We found a new Latrodectus version (1.4) which switched its string encryption routine to AES-256. This new version also utilizes the /test/ C2 endpoint, indicating that it is an early testing sample for this version. In a nutshell: PRNG and XOR
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In July 2024, the
Malware goes undetected by hiding malicious code in uncommon MS Access format 0/64 detections on VirusTotalas of 05.08.2024 The VMRay Labs team has uncovered a malware that goes completely undetected for weeks by hiding malicious p-code in MS Access’ uncommon ACCDE format. Microsoft Access allows users to export their databases
There are scenarios in which opting for the best possible solution is non-negotiable. Think of medical surgery, aerospace safety, military operations, or pharmaceutical development. The reason? While the probability of a catastrophe may seem low, its impact is extraordinarily high. In cybersecurity, breaches are no longer a low-probability event, and
Malicious batch file reveals full behavior only when it’s started by a double-click. 0/64 detections on VirusTotal as of 04.07.2024 The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal with no security vendors flagging it (0/64). This batch file
The VMRay Labs team is always on the ball, scouring publicly available data to pinpoint any critical developments that need immediate focus. We ramp up these efforts with our own internal malware tracking process, keeping tabs on the latest headlines from the security community. This keeps us plugged into the
Obfuscated batch file downloads open-source stealer straight from GitHub 0/64 detections on VirusTotal as of 03.07.2024 The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal, with no security vendors flagging it (0/64). This batch file downloads an open-source stealer
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In May 2024, the
Introduction: The Significance of Locked Shields Participating in Locked Shields 2024, the largest and most complex international live-fire cyber defense exercise in the world, has been a monumental experience for VMRay. Organized annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) since 2010, Locked Shields brings together national
Introduction Two releases of 2024 are already behind us, but we’re not slowing down! We hope you’ve enjoyed the features delivered in recent months, including QR codes extraction from PDF files, URL extraction from OneNote documents, support for STIX 2.1 in Analysis Reports, as well as our continuous enhancements and
Malware executes its payload only when the screen is locked. 3/48 detections on VirusTotal as of 04.06.2024 The VMRay Labs team has uncovered a malicious Excel file uses macros to download an image from a remote resource – but hidden inside are the commands to execute the next payload Then
Typically, large product suites sold as a bundle – in most industries – win over customers from a perceived value standpoint where best-in-class is less of a factor. However, as we are finding out from returning customers, there is a compelling argument for best-in-class when it comes to malware sandbox
AgentTesla delivered via exploiting Microsoft Office 5/61 detections on VirusTotalas of 14.05.2024 Malicious Microsoft Excel document used to exploit a vulnerability in Equation Editor, leading to the execution of AgentTesla. 5 of 61 detections on VirusTotal HASH: dc62fc5febad93b231a91fcb806df63441c6dff69b9a7c793aec78373f45e888 XLS → Equation Editor → Agent Tesla Malicious code loaded via remote
The Power of Pareto in Cybersecurity Economist Vilfredo Pareto’s famous “80/20” principle, stating that roughly 80% of effects come from 20% of causes, has long been recognized as a guiding economic principle. This economic principle can also be leveraged by security leaders to improve strategy. The “one size fits all”
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In April 2024, the
Malware authors are continuously evolving their tactics to evade detection by security tools, and sandbox evasion techniques are a critical component of this cat-and-mouse game. In this comprehensive article, we’ll delve into the intricate details of the three primary categories of sandbox evasion techniques employed by modern malware, shedding light
Introduction As the popularity of Linux and UNIX-like operating systems has grown, so too has the attention from malicious actors seeking to exploit vulnerabilities. With the increasing adoption of these systems in various industries, they have become lucrative targets for cyber attacks. Consequently, the belief that Linux is immune to
The first step in defending your business against phishing is making sure that your employees know that these attacks exist and what they consist of. VMRay’s Abuse Mailbox enables Enterprise, MSSP and MDR SOC teams to create a dedicated mailbox hosted by VMRay solutions, allowing each client’s employees to forward
As technology advances, email phishing campaigns continue to improve in sophistication, emphasizing the need for vigilance and awareness. The recent spate of ransomware attacks on US healthcare has shown major chinks in the armor of many an organization’s security stack. Zero-Day malware, if unchecked, can bring an organization quickly to
As technology advances, phishing campaigns continue to improve in sophistication, emphasizing the need for vigilance and awareness. The recent spate of ransomware attacks on US healthcare has shown major chinks in the armor of many an organization’s security stack. Zero-Day malware, if unchecked, can bring an organization quickly to its
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In March 2024, the
We’re excited to announce that our new release now supports the advanced data-exchange format, STIX 2.1, enabling other security systems and threat repositories to import more results from VMRay’s analysis reports. This marks a significant leap towards better interoperability and makes sharing threat intelligence more future-proof. While STIX 2.0 was
Introduction The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In February 2024,
Three Ransomware attacks and data breaches in the healthcare industry over the last few weeks have been noteworthy. We’ve discussed the first incident that involves the BlackCat Ransomware as a Service (RaaS). Now, let’s continue with the second:the return of LockBit 3.0. Part 3: Rhysida Another ransomware as a service
Three Ransomware attacks and data breaches in the healthcare industry over the last few weeks have been noteworthy. We’ve discussed the first incident that involves the BlackCat Ransomware as a Service (RaaS). Now, let’s continue with the second:the return of LockBit 3.0. Part 2: The End of LockBit? Not So
Ransomware. One word that keeps many IT Administrators and SOC Analysts awake at night. And when it comes to the healthcare industry, the recent ransomware attacks of 2024 have led many IT security practitioners to burn the midnight oil late into the night. Three Ransomware attacks and data breaches in
Introduction The first release of 2024 is already behind us, but we’re not slowing down! We hope you’ve enjoyed the features delivered in recent months, including addressing the QR code phishing attacks, support for the analysis of ISO and UDF filetypes as well as our continuous enhancements and research to
The recent data leak from a Chinese Security Services Company, i-Soon, sent shockwaves through the CTI world. The name “i-Soon” is not new to the researchers monitoring China-nexus private hacking industry. This attention dates back to the US Grand Jury’s indictment o employees from “Chengdu 404” in 2019, where it
Overview Pikabot has posed significant challenges to many Endpoint Detection and Response (EDR) systems through its employment of an advanced technique to hide its malicious activities known as “indirect system calls” (or “indirect syscalls”). This is only one of multiple techniques this family employs to evade detection: Pikabot distinguishes itself
Introduction The VMRay Labs team actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. With this bulk update
Overview The new guide released by the NSA, alongside other agencies including CISA, FBI, DOE, EPA, TSA, and international partners from the UK, Canada, Australia, and New Zealand, addresses the need for improved cyber defense measures against LOTL techniques. This collaboration highlights the global nature of the threat and the
Introduction The VMRay Labs team actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. With this bulk update
Introduction Welcome in 2024! We open up this year with another release of the VMRay Platform, which we’ve been working on in the winter season of 2023. In this blog post, we have some exciting updates to share and a glimpse into the innovations and initiatives that we focused on
Introduction The VMRay Labs team continuously reviews publicly available data to detect significant advancements in malware that require immediate attention. Our internal tracking further reinforces this work as we vigilantly monitor events reported by the security community, ensuring we remain at the forefront of the ever-evolving cybersecurity landscape. In November
The Advent of EDR and the Sandbox Dilemma Endpoint Detection and Response (EDR) solutions emerged with the promise of revolutionizing the cyber defense landscape. Touted as the panacea to malware attacks, EDRs offered both visibility into endpoints and a protective shield against malware threats. They positioned themselves as alternatives to
2023 marks a pivotal year in business evolution. As organizations struggle with the dual challenges of fortifying their security infrastructure and managing operational costs, the attraction of achieving more with less in your SOC becomes paramount. With the surge in unique malware samples to an astonishing 1.5 per minute in
Introduction The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In October 2023,
Even decades after the term “phishing” was coined, attackers are still innovating. In the past few weeks, we have seen a stark increase in a tactic referred to as “Quishing”: A form of phishing which abuses QR codes to attack victims. Traditional phishing attacks, which typically involve a malicious email
As we delve deeper into the cybercriminal landscape, infostealer malware remains a pervasive threat, continuing to evolve and adapt to net attackers a wealth of sensitive data. These malicious tools, deftly infiltrating systems, swipe everything from login credentials to credit card details, fueling a thriving black market on the dark
Introduction Recently, we have released the newest version of our platform, which you can check in the latest Release Highlights Blog. At the same time, our Labs team has been working on great signature and detection improvements covered in this article. In the past quarter, our Threat Researchers have focused
Introduction This year is slowly coming to its dawn. Fall leaves from the trees are falling, but it’s not the case for our appetite for threat hunting! We’re always on the lookout for dynamic behavior analysis, unusual or suspicious patterns in network traffic, file and memory analysis, new phishing trends,
Family Overview Beginning November 2022 here at VMRay we noticed increased activity of the Amadey information stealer malware. Monitoring of the threat landscape over the past several months showed this trend in the malware activity continued and the family is active as we speak. Our observations, together with public reports
Download The Report Introduction Having meticulously dissected the intricate delivery methods employed by BumbleBee in our previous blog post, we embarked on a journey through the multifaceted and complex delivery chains that enable its stealthy penetration. From the covert utilization of seemingly innocuous files to ingenious tactics that evade detection,
Introduction The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. Recently, the VMRay
BumbeBee loader: an overview In March of 2022 a new loader equipped with more than 50 evasion techniques was spotted in the wild: BumbleBee employs a variety of methods to escape detection – from complex delivery chains and hooking-based loading to iterating through a collection of evasion techniques to detect
In the ever-evolving landscape of cybersecurity, tools like VirusTotal can provide invaluable insights. However, as a recent headline-grabbing incident demonstrated, it’s crucial to understand how to use these resources responsibly to avoid accidental data leaks. In today’s evolving cybersecurity landscape, two phrases are gaining traction and for good reason –
Introduction Writing this introduction for the VMRay 2023.3.0 release has been a thrill, considering bringing a significant game-changer to our products. The summer heat in our Bochum headquarters is at its best. To relieve the scorch, we are shipping a long-awaited coolness – Static and Dynamic Analysis of Linux executables.
Overview With our latest release, VMRay Platform version 2023.2, we introduced support for Microsoft OneNote documents, recently abused by multiple threat actors. As announced in a recent blog post, the VMRay Platform continuously extends its capabilities to ensure our product is still able to deal with the the latest trends
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!