Category: Malware Analysis

BAZARLOADER: Unpacking an ISO File Infection

BAZARLOADER (aka BAZARBACKDOOR) is a Windows-based loader that spreads through attachments in phishing emails. During an infection, the final loader payload typically downloads and executes a Cobalt Strike beacon to provide remote access for the threat actors, which, in a lot of cases, leads to ransomware being deployed to the victim’s machine. In this initial

MATANBUCHUS: Another Loader as a Service Malware

MATANBUCHUS is a commercialized loader that is used to download and launch malware on victim machines such as QAKBOT and COBALT STRIKE beacons. It has been observed that the loader spreads through social engineering in the form of malicious Excel documents. Throughout different versions of the malware, the author has changed the API and string

HANCITOR: Analysing The Main Loader

This post is a follow-up to my last one on HANCITOR. If you haven’t checked it out, you can view it here. In this post, we’ll take a look at the main loader of this malware family, which is used for downloading and launching Cobalt Strike Beacon, information stealers, and malicious shellcode. If you’re

HANCITOR: Analysing The Malicious Document

HANCITOR (aka CHANITOR) is a prevalent malware loader that spreads through social engineering in the form of Word or DocuSign® documents. The infected document includes instructions for the victim to manually allow the malicious macro code to be executed. The HANCITOR executable payload dropped by the macro code is used to download other malware on

DRIDEX: Analysing API Obfuscation Through VEH

DRIDEX is one of the most famous and prevalent banking Trojans that dates back to around late 2014. Throughout its improvement and variations, DRIDEX has been successful in targeting the financial services sector to steal banking information and crucial user credentials. Typically, DRIDEX samples are delivered through phishing in the form of Word and Excel

SQUIRRELWAFFLE – Analysing The Main Loader

This is a follow-up to my last post on unpacking SQUIRRELWAFFLE’s custom packer. In this post, we will take a look at the main loader for this malware family, which is typically used for downloading and launching Cobalt Strike. Since this is going to be a full analysis of this loader, we’ll be covering
