Summary:

PSLoramyra is a sophisticated fileless malware loader that uses PowerShell, VBS, and BAT scripts to inject and execute malicious payloads directly in memory. Its stealthy execution and minimal system footprint allow it to evade traditional detection methods, posing a significant threat to systems. #FilelessMalware #MalwareAnalysis #PSLoramyra

Keypoints:

PSLoramyra is classified as a fileless loader, bypassing traditional detection methods.…

Summary:

HawkEye, also known as PredatorPain, is a long-standing malware primarily functioning as a keylogger but has evolved to include functionalities typical of stealers. Initially emerging in 2008, it gained notoriety through spearphishing campaigns and has been utilized by various threat actors. Its delivery methods have diversified over time, and it has shown resilience in adapting to new evasion techniques and maintaining persistence on infected systems.…

Summary:

This article analyzes two infection techniques used by AsyncRAT malware via open directories. It highlights the evolving methods attackers employ to exploit publicly accessible files, showcasing the persistent threat posed by AsyncRAT and its diverse strategies for infiltration and control.

Keypoints:

AsyncRAT is a Remote Access Trojan (RAT) used for spying and data theft.…
Short Summary:

The article from ANY.RUN discusses recent cyber threats identified in October 2024, focusing on the APT-C-36 group, known as BlindEagle, which targets the LATAM region through phishing attacks. It details their tactics, including the use of Remote Access Tools (RATs) like Remcos and AsyncRAT, and highlights other phishing campaigns exploiting fake CAPTCHA prompts and encoded JavaScript files.…


Short Summary:

The article provides a comprehensive analysis of the DarkComet Remote Access Trojan (RAT), detailing its capabilities, methods of infection, and the technical mechanisms it employs to evade detection and maintain persistence on infected systems. DarkComet allows attackers to remotely control systems, steal sensitive data, and execute various malicious activities while remaining stealthy and difficult to detect.…


Short Summary:

The article provides a detailed analysis of PhantomLoader, a malware loader that disguises itself as a legitimate DLL for antivirus software. It is used to deliver a Rust-based malware called SSLoad, which employs various evasion techniques. The analysis outlines the infection chain, including the use of phishing emails, malicious Office documents, and advanced obfuscation methods.…

Short Summary:

The article provides a comprehensive analysis of AZORult, a sophisticated malware designed to steal credentials and payment card information. It highlights the malware’s evolution, behavior, evasion techniques, and operational tactics, emphasizing its adaptability and complexity.

Key Points:

AZORult is a credential and payment card information stealer that also functions as a downloader for other malware.…

Short Summary:

This article discusses recent phishing campaigns analyzed by ANY.RUN researchers, focusing on the Tycoon 2FA Phish-kit and its various evolutions. The campaigns utilize compromised Amazon SES accounts and employ sophisticated techniques to deceive victims into revealing their credentials through fake error messages and legitimate-looking links.…


Short Summary:

The DeerStealer distribution campaign involves malware spread through fake Google Authenticator websites. The malware captures user information and downloads a stealer hosted on GitHub. It communicates with a Telegram bot and employs obfuscation techniques to hinder analysis. The campaign is linked to previous malware families, suggesting a common author.…

Brute Ratel C4 Badger Used to Load Latrodectus

Editor’s note: The current article is authored by Mohamed Talaat, a cybersecurity researcher and malware analyst. You can find Mohamed on X and LinkedIn.

Brute Ratel C4 (BRC4) is a customized, commercial command and control (C2) framework that was first introduced in December 2020.…

Find Threats Exploiting CrowdStrike Outage with TI Lookup

A recent update by CrowdStrike on July 18, 2024, resulted in a worldwide outage, causing significant disruption for users who were left with blue screens of death (BSODs) on their devices.

Cybercriminals seized the opportunity to target affected users with phishing scams and malware disguised as updates or hotfixes. …

Analysis of the Phishing Campaign: Behind the Incident

In this post, we detail our comprehensive investigation into the phishing campaign encountered by our company. Our aim is to help others better understand this ongoing threat and take steps to protect themselves.

Here are some key findings: 

We found around 72 phishing domains pretending to be real or fake companies.…
Analyzing Malware Protected with Themida and VMProtect: Is It Really That Hard?

Malware authors use protectors like Themida and VMProtect in the hope that they will completely prevent analysts from reversing samples.  

These protectors can use sophisticated techniques to hide malicious functionality: code virtualization, obfuscation, anti-debugging, compression, and encryption.…
