Blog

Analyzing North Korean Malware – Joanap/Brambul Dropper

So you may have heard that the FBI have linked three strains of malware to a North Korean cybercrime group known as Lazarus (or HIDDEN COBRA, take your pick). The first strain is a Dropper (which is what I will be analyzing in this post) that contains two DLLs (these are the other two strains):

Analyzing a MuddyWater APT Sample

I recently had an extremely long plane trip, so I thought what better way to spend it than analyzing an extremely obfuscated, multi-stage VBS/PowerShell Backdoor? (Part 2 of the Graftor analysis was in the process of being written up, so I decided to focus my efforts on something that didn’t require an internet connection).

(Part 2): (Brief) Analysis of (Not) Adware.Graftor

If you haven’t read Part 1, this part might be a bit confusing. Upon further analysis and some cross-referencing, I soon realized that the sample I was analyzing (at least the svchost injected process) was in fact a variant of Tofsee, rather than an adware variant of Graftor; I will explain why further on 🙂 I

(Part 1): Analysis of Adware.Graftor

Trying to keep up with regular posts, I found another malicious sample on VirusBay recently that I was quite interested in analyzing, mainly because it was 14.3 megabytes in size. Unless it was written in Python and compiled, I had no idea what it could be – so let’s find out! – As this malware randomized

Analysis of an Emotet Downloader

I recently found a sample of an Emotet Downloader that I downloaded from VirusBay and I had yet to examine it, so I decided that this post would be an analysis of the Downloader. This file is still available on VirusBay, and I highly suggest creating an account there if you are interested in Malware Analysis or

Reverse Engineering CannibalRAT

Today we will be reversing some compiled Python malware – which in my opinion is one of the easiest things to reverse back into understandable code. We will be using IDA Pro (the free version – version 5), UPX, PEStudio, Python and a Python module called “Uncompyle6” which allows us to convert .pyc byte code
