Category: Malware Analysis

HANCITOR: Analysing The Malicious Document

HANCITOR (aka CHANITOR) is a prevalent malware loader that spreads through social engineering in the form of Word or DocuSign®-themed documents. The malicious document instructs the victim to manually enable macros so that the embedded macro code can execute. The HANCITOR executable payload dropped by the macro code is then used to download other malware on

DRIDEX: Analysing API Obfuscation Through VEH

DRIDEX is one of the most well-known and prevalent banking Trojans, dating back to around late 2014. Across its many revisions and variants, DRIDEX has successfully targeted the financial services sector to steal banking information and user credentials. Typically, DRIDEX samples are delivered through phishing in the form of Word and Excel

SQUIRRELWAFFLE – Analysing The Main Loader

This is a follow-up to my last post on unpacking SQUIRRELWAFFLE’s custom packer. In this post, we will take a look at the main loader for this malware family, which is typically used for downloading and launching Cobalt Strike. Since this is going to be a full analysis of this loader, we’ll be covering

SQUIRRELWAFFLE – Analysing the Custom Packer

In the last month, I have heard and seen a lot about SQUIRRELWAFFLE on Twitter, a new loader that has been used in email-based campaigns to download Cobalt Strike or Qakbot to the victim’s machine, so I figured it would be fun to take a look at this new loader! In the initial stage of

Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1

Qakbot is one of the most notorious malware families currently operating, and dates back to around 2007. It is primarily focused on stealing banking information and user credentials; however, with the huge jump in ransomware popularity among threat actors, Qakbot has been observed dropping the Egregor and ProLock ransomware. As it is primarily operated

New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings

It’s been a while since the last post! We’ve gone through several iterations of website design over the past few months (plus fixing all the malformed images caused by the theme transfer), but we should be back for good now. For this commemorative post, we’ll be diving into a recently discovered malware sample known as
