Malware analysis

Virtual Machines are usually considered a good way to analyze malware as they can provide an isolated environment for the malware to trigger but their actions...

It is one thing to be able to execute a simple SQL injection attack; it is another to do a proper investigation of such an attack. Unfortunately, there is not...

Recently the researchers at ESET firm spotted a new wave of malware-based attacks that are targeting media outlets and energy companies in Ukraine. The threat...

As per our previous article we will continue on this article here by the rest of section of PE file. Those who don't know the previous section please have...

Pony is a stealer Trojan and has been active for quite a while now. It was responsible for stealing over $200,000 in bitcoins ( https://threatpost.com/latest-instance-of-pony-botnet-pilfers-200k-700k-credentials/104463/)...

A stealer is a type of malware that looks for passwords stored on the machine and sends them remotely (e.g. mail, HTTP) to an attacker. Most stealers use a...

Pony is a stealer Trojan and has been active for quite a while now. It was responsible for stealing over $200,000 in bitcoins ( https://threatpost.com/latest-instance-of-pony-botnet-pilfers-200k-700k-credentials/104463/)...

MD5: 67877403db7f8ce451b72924188443f8 In the main function of the malware, two subroutines are used for checking whether the malware is already installed on...

The bot configuration is encrypted inside the bot and decrypted while the bot is running. In 1.0.2.5, 1.5 and 1.6 versions, BetaBot uses RC4 and some XOR...

Now, you get the original Andromeda build file. Load the unpacked sample at OllyDBG. As before, after the stack frame at the EP, you see that the malware is...