Malware analysis

Pony is a stealer Trojan and has been active for quite a while now. It was responsible for stealing over $200,000 in bitcoins ( https://threatpost.com/latest-instance-of-pony-botnet-pilfers-200k-700k-credentials/104463/)...

MD5: 67877403db7f8ce451b72924188443f8 In the main function of the malware, two subroutines are used for checking whether the malware is already installed on...

The bot configuration is encrypted inside the bot and decrypted while the bot is running. In 1.0.2.5, 1.5 and 1.6 versions, BetaBot uses RC4 and some XOR...

Now, you get the original Andromeda build file. Load the unpacked sample at OllyDBG. As before, after the stack frame at the EP, you see that the malware is...

Andromeda, also known as Win32/Gamarue, is an HTTP based botnet. It was first spotted in late 2011, and is still at this moment used a lot in herding. It has...

All the Stuff  You Know Before Starting Research Malware research contains a lot of information like reverse engineering, exploit-kit, exploit analysis, botnet...

In this article series, we will learn about one of the most predominant malware, named Gh0st RAT, whose source code is dated back to 2001 but it is still relevant...

Malicious attackers are constantly on the lookout for new and advanced attacks, which they use to spread malware around the world. There are a vast number of...

If you follow security news, I am sure you have heard of SoakSoak malware. It has been in the news for the past few days because it affects more than 100,000+...

This technique is used in scenarios where critical information such as Social Security Number (SSN) or Personal Identification Number (PIN) is otherwise not...