RATicate: an attacker’s waves of information-stealing malware

Credit to Author: markelpicado | Date: Thu, 14 May 2020 11:00:42 +0000

In a series of malspam campaigns dating back to November of 2019, an unidentified group sent out waves of installers that drop remote administration tool (RAT) and information stealing malware on victims’ computers. We’ve identified five separate campaigns between November, 2019 and January, 2020 in which the payloads used similar packing code and pointed to […]

Now for everyone: tap into SophosLabs expertise via an API analysis tool

Credit to Author: Jörg Schindler | Date: Wed, 04 Dec 2019 08:16:44 +0000

Today, for once, an interesting item about ourselves: this week Sophos announced the launch of SophosLabs Intelix. The cloud-based threat intelligence and analysis platform enables users to design more secure applications. Developers have API access to the Intelix platform to assess files, URLs and IP addresses using current cyber threat know-how. On the platform, updated and […]

New version of IcedID Trojan uses steganographic payloads

Credit to Author: Threat Intelligence Team | Date: Tue, 03 Dec 2019 18:06:13 +0000

We take a deep dive into the IcedID Trojan, describing the new payloads of this advanced malware.

The post New version of IcedID Trojan uses steganographic payloads appeared first on Malwarebytes Labs.

Analyzing a new stealer written in Golang

Credit to Author: hasherezade | Date: Wed, 30 Jan 2019 17:00:00 +0000

We captured a new information-stealing malware written in Golang (Go). Read up on our analysis of its functionality, as well as the tools researchers can use to unpack malware written in this relatively new programming language.

The post Analyzing a new stealer written in Golang appeared first on Malwarebytes Labs.

Malware analysis: decoding Emotet, part 1

Credit to Author: Vishal Thakur | Date: Fri, 25 May 2018 15:00:00 +0000

In the first part of this two-part analysis of Emotet, we look at the VBA code, where you’ll learn how to recognize and discard “dead” code thrown in to complicate the analysis process.

The post Malware analysis: decoding Emotet, part 1 appeared first on Malwarebytes Labs.

Spartacus ransomware: introduction to a strain of unsophisticated malware

Credit to Author: Vasilios Hioureas | Date: Mon, 30 Apr 2018 17:40:09 +0000

Spartacus ransomware is a fairly new variant seen in 2018. We’ll walk you through the malware sample to analyze the code in detail, and help you learn how to get an obfuscated .NET sample into a readable state.

The post Spartacus ransomware: introduction to a strain of unsophisticated malware appeared first on Malwarebytes Labs.

An in-depth malware analysis of QuantLoader

Credit to Author: Malwarebytes Labs | Date: Wed, 28 Mar 2018 16:00:00 +0000

QuantLoader is a Trojan downloader that has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. In this post, we’ll take a high-level look at the campaign flow, as well as a deep dive into how the malware executes.

The post An in-depth malware analysis of QuantLoader appeared first on Malwarebytes Labs.

A coin miner with a “Heaven’s Gate”

Credit to Author: hasherezade | Date: Wed, 17 Jan 2018 16:00:00 +0000

The Heaven’s Gate technique has been around since 2009. But now coin miners are using it to maximize their performance in the target architecture.

The post A coin miner with a “Heaven’s Gate” appeared first on Malwarebytes Labs.