Cycbot is a malware that spreads using instant messaging and removable drives and contains backdoor functionality that allows unauthorized access to an affected computer.
When Cycbot malware is executed, it drops several malicious files in the Appdata folder of the victim machines, and then it tries to contact a malicious […]
Kuluoz is a known botnet which was released mid 2012 and was known by different names such as weelsof, win32, Dofoil, etc. Kuluoz is usually spread by sending suspicious mail to the target user, and later the traffic leaving the network consists of POST requests encoded in a unique […]
In this tutorial we’ll take a look at a Pafish tool, which performs anti debugger/vm/sandbox tricks to detect whether the malware is being executed in a debugger, in a virtual machine or in a sandbox.
Malware analysis today depends on a great deal of factors, but we’re often using a […]
In my previous article, I told the story of the very first worms and viruses. Interestingly, a groundbreaking mathemetician, John von Neumann, and a science fiction novelist, John Brunner, conceptualized them before anyone ever coded them.
We often see this sort of thing in the world of science and technology. […]
The Dirty decrypter is a crypto ransomware; its intention is to encrypt the compromised user’s pictures, documents, videos etc making them unusable. The malware coerces you to pay large sums of money to decrypt any of these files. Failure to pay this sum will cause the malware to destroy […]
These days, malware is an everyday concern, even among ordinary end users. A countless amount of money is lost every year worldwide due to malware, possibly in the hundreds of billions, but it’s difficult to accurately quantify.
The money lost has causes ranging from lost hours of office productivity, to […]
This article is the second part of a series on NSA BIOS Backdoor internals. This part focuses on BULLDOZER, a hardware implant acting as malware dropper and wireless communication “hub” for NSA covert operations. Despite that BULLDOZER is a hardware, I still use the word “malware” when referring to […]
A sequence of data breaches suffered by principal US retailers Target and Neiman Marcus has put Americans on alert. A total of more than a hundred million people may have been a victim of a cyber attacks against POS systems in the stores of the two giants.
The attackers used […]
In the previous article, “Portable Malware Lab for Beginners,” I spoke about nested virtual machines, i.e., deploying a virtual machine with QEMU and Cuckoo. This acts as a base system for our portable malware analysis lab.
However, malware analysis is not limited to execution of a Windows binary; various other […]
Memory forensic is a skill to find out all the artefacts in the memory that is present in the running computer. It is an interesting method to find out what are the running process, open network connections, registry handles, kernel modules etc. It looks rosy when you hear all […]
Malwares are usually packed with custom packers, which make static and dynamic analysis difficult. Some of the static analysis tools do not work on packed samples because packed is not in its real form, also its defeats anti-virus programs which work based on the kind of static signature detection. […]