ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Tag: malware analysis spotlight

2023-06-15

From a OneNote Document to the Execution of Emotet

Overview With our latest release, VMRay Platform version 2023.2, we introduced support for Microsoft OneNote documents, recently abused by multiple threat actors. As announced in a recent blog post, the VMRay Platform continuously extends its capabilities to ensure our product is still able to deal with the the latest trends

Read More
2022-11-08

How to extract Emotet’s Configuration statically

Introduction In April of 2022 we’ve observed new Emotet samples which implemented considerable changes to the way they store and decode their configuration. For Emotet, the relevant information stored in a config file is the IP address and a port number. Each of them is stored in the form of

Read More
2022-09-12

The evolution of GuLoader

Introduction In this Spotlight, we take another look at GuLoader. The malware family is active since at least 2020. It gained some attention because of its evasion techniques and abusing legitimate and popular cloud services to host its malicious payloads. The downloader is commonly used to deliver other malware families

Read More
2022-02-02

Malware Analysis Spotlight: Emotet’s Use of Cryptography

Emotet’s Use of Cryptography Presented by the VMRay Labs Team The group behind Emotet is the prime example of a very successful criminal enterprise. Emotet started out as a banking malware but over time evolved into a large botnet providing something akin to a malicious IaaS (Infrastructure-as-a-Service). It started providing

Read More
2021-03-24

Malware Classification Case Study: Raccoon Stealer

In this Malware Analysis Spotlight, we will assume the role of a threat researcher tasked with analyzing, categorizing, and classifying an unknown malicious sample. We will analyze the unknown sample in a malware sandbox to jumpstart the process. Our unknown sample in this Spotlight is the information stealer, Raccoon (also
Read More
2021-02-04

Analyzing a DLL in a Sandbox: Speeding up Analysis of an APT Implant

Recently, Google’s Threat Analysis Group published a blog post about a campaign targeting security researchers, which they attribute to an entity backed by the North Korean government. Using social engineering the attackers try to convince victims to download and open a Visual Studio Project file. This file contains commands that
Read More
2020-12-15

Malware Analysis Spotlight – Hentai Oniichan Ransomware (Berserker Variant)

In this Malware Analysis Spotlight, we analyze the Berserker variant of Hentai Oniichan Ransomware. We’ve observed at least two different variants of Hentai Oniichan Ransomware in-the-wild, King Engine, and Berserker. What we found interesting in our analysis of the Berserker variant is its attempts to make recovery difficult by deleting
Read More
2020-11-18

Malware Analysis Spotlight: AZORult Delivered by GuLoader

Earlier this year, in one of our blog posts we covered GuLoader, a downloader outfitted with advanced anti-analysis techniques that has delivered FormBook, NanoCore, LokiBot, and Remcos among others. Recently, we’ve observed GuLoader delivering AZORult. Active for many years, AZORult is an information stealer that has seen many iterations and
Read More
2020-10-19

Malware Analysis Spotlight: Warzone RAT – Automatically Peeling Away the Layers

10/21/2020: The classification of the malware in this Threat Spotlight has been corrected from “Ave_Maria” to “Warzone RAT”. The source of the distinctive “Ave_Maria” substring can be attributed to the open-source TinyNuke malware, which was reused in some Warzone RAT samples. In TinyNuke the string “AVE_MARIA” is transmitted in the
Read More
2020-10-01

Malware Analysis Spotlight: Formbook (September 2020)

A Fresh Look at an Old Problem Formbook is a well-known malware family of data stealers and form grabbers. Sold as “malware-as-a-service” on hacking forums since early 2016, anyone so inclined can purchase a subscription and use the Formbook tool. It is usually distributed using malspam containing malicious attachments and
Read More

Uncover the truth of Cybersecurity, one story at a time

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2024 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay