ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Tag: malware analysis

2017-10-17

Persistent Emotet Malware with a Crafty Social Engineering Technique

Malware Family: Emotet SHA256 455be9278594633944bfdada541725a55e5ef3b7189ae13be8b311848d473b53 View the Full VMRay Analyzer Report With security ever more tightly integrated into operating systems, malware authors often rely on the unwitting participation of an end user to enable malicious action. Social engineering techniques have evolved significantly over the years and last week the VMRay
Read More
2017-09-05
Agentless Detection – Locard’s Exchange Principle Applied to Cybersecurity

Agentless Detection – Locard’s Exchange Principle Applied to Cybersecurity

Marketing departments of Cybersecurity vendors around the globe go into overdrive when they can shout from the rooftops that their solution is ‘agentless’. Sure, that sounds good, but why is this so important? And what is truly agentless? To appreciate the importance of an agentless approach, we’ll go old school
Read More
2017-08-21
Poweliks Malware – Filelessly Persistent

Poweliks Malware – Filelessly Persistent

Malware Family: Poweliks Hash Value SHA256: 4727b7ea70d0fc00f96a28de7fa3d97fa 9d0b253bd63ae54fbbf0bd0c8b766bb View the Full Poweliks Malware Analysis Report One of the key features released in VMRay Analyzer v2.1 is the enhanced analysis of fileless malware (also referred to as “non-malware”). Fileless malware is defined by malware analysis expert Lenny Zeltser as “..malware that
Read More
2017-08-09
Password Protected Word Document Connects to TOR Hidden Service

Password Protected Word Document Connects to TOR Hidden Service

Hash Value SHA256: 3a813df1c8f1e835cc98dd60b799c64e61 db51a259ee30b7235004ccb3c9df64 View the Full Password Protected Word Document Analysis Report Password protected documents are an effective method for malware to bypass anti-virus (AV) and other detection solutions. Typically the AV will not be able to parse the password required from the text of the email used
Read More
2017-06-05
VMRay Analyzer Identifies Resume Containing Evasive Malware

VMRay Analyzer Identifies Resume Containing Evasive Malware

Recently, we received a seemingly innocuous job application with an attached Word document called “resume.doc”. Let’s take a closer look at the malicious behavior embedded in this fake resume. Upon uploading the Word doc into VMRay Analyzer, the signature was sent to our built-in reputation service, where the file hash
Read More
2017-06-01
‘Close’ Doesn’t Count in Cyber Security

‘Close’ Doesn’t Count in Cyber Security

Even though enterprises spend millions every year on information security they still remain vulnerable to persistent cybercriminals in a world where cybercrime like ransomware is pervasive. Organizations cannot afford to do the “bare minimum” when it comes to threat analysis. As the saying goes, ” ‘close’ only counts in horseshoes
Read More
2017-05-17
Jaff Ransomware Hiding in a PDF document

Jaff Ransomware Hiding in a PDF document

The challenge for a malware author today has more to do with creativity than a deep technical understanding. There are plenty of good trojan building tools out there to make the job easier. But once the author has a finished creation, the big challenge is how to get the finished
Read More
2017-05-15
Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability

Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability

About one month ago, the Shadow Brokers hacker group published a set of NSA hacking tools, that included zero-day exploits. One of these exploits is known as the ETERNALBLUE Server Message Block Protocol (SMB) vulnerability (MS17-010). It was only a matter of time before the inevitable happened. A malware author
Read More
2017-05-09

Anti-Sandboxing Techniques in Cerber Ransomware Can’t Detect VMRay Analyzer

A new variant of Cerber ransomware is in the wild and has built-in anti-sandbox tools to detect hooking-based sandbox environments, as explained in this article by Cyphort. The limitations of a hooking-based approach, where a driver is injected into the target environment and ‘hooks’ API calls, allow the malware to
Read More
2017-04-20

Undetected JScript Dropper Installs Sage Ransomware

A popular method to distribute malware (especially ransomware) is to send a JScript file (*.js) by E-Mail or prompt a user surfing the web to execute a file. The goal of this type of attack is to bypass filtering systems that warn users trying to open attachments with certain file
Read More

Uncover the truth of Cybersecurity, one story at a time

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2024 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay