PepperMalware Blog

Monday, December 2, 2019

Analysis of Malicious ElectrumX Servers Source Code

Some months ago a post on reddit reported malicious servers on the Electrum network performing phishing attacks against the us...
Tuesday, November 5, 2019

Brief analysis of Redaman Banking Malware (v0.6.0.2) Sample

Redaman is a well-known banking malware, discovered around 2015. Recently I have been analyzing a recent version of the malware (0.6.0.2, no...
Monday, July 29, 2019

Analysis of the Frenchy Shellcode

In this post I analyze a shellcode that I have named "Frenchy shellcode" because of the mutex that it creates (depending on the ve...
Monday, May 13, 2019

Quick Analysis of AgentTesla SMTP Variant Sample (dated 08-05-2019)

In this post I perform a quick analysis of a recent AgentTesla SMTP variant sample, paying special attention to the strings decryptor (most ...
Monday, April 15, 2019

Analysis of .Net Deucalion IrcBot Sample Obfuscated with ConfuserEx+KoiVM

In this post I perform a quick analysis of a sample that seems to be an ircbot, named alphaircbot (based on the any.run tags) or deucalion (...
Friday, March 22, 2019

Analysis of .Net Stealer GrandSteal (2019-03-18)

In this post I share my notes about the analysis of a sample (a stealer written in .Net) whose family is unknown to me (any feedback is wel...
Monday, March 18, 2019

Analysis of BlackMoon (Banking Trojan)'s Evolution, And The Possibility of a Latest Version Under Development

BlackMoon, also known as KrBanker, is a banking trojan that mainly targets South Korea. I thought this family had been dead for some time (aroun...