Malware analysis

Pony is a stealer Trojan and has been active for quite a while now. It was responsible for stealing over $200,000 in bitcoins ( https://threatpost.com/latest-instance-of-pony-botnet-pilfers-200k-700k-credentials/104463/)...

MD5: 67877403db7f8ce451b72924188443f8 In the main function of the malware, two subroutines are used for checking whether the malware is already installed on...

The bot configuration is encrypted inside the bot and decrypted while the bot is running. In 1.0.2.5, 1.5 and 1.6 versions, BetaBot uses RC4 and some XOR...

Now, you get the original Andromeda build file. Load the unpacked sample at OllyDBG. As before, after the stack frame at the EP, you see that the malware is...

Andromeda, also known as Win32/Gamarue, is an HTTP based botnet. It was first spotted in late 2011, and is still at this moment used a lot in herding. It has...

Part One of this series was a very basic level, and had only thrown light on what Moose Malware actually is, as well as its components and related IoC's. In...

Lethic is a spam botnet consisting of an estimated 210 000 - 310 000 individual machines which are mainly involved in pharmaceutical and replica spam. At the...

In this article series, we will learn about a famous Linux family of malware known as MOOSE, which is used to steal unencrypted traffic over the wire and infect...

So far, in the previous articles, we learnt how to exploit an application remotely. We ran the Python script directly on the Machine B, which was the attacker...

All the Stuff  You Know Before Starting Research Malware research contains a lot of information like reverse engineering, exploit-kit, exploit analysis, botnet...