Catégories
Challenges Malware Analysis

Z2A Challenge 0x3 | Danabot Delphi Loader

Dans le cadre du challenge Zero2Automated maintenant distribué toutes les 3 semaines, l’objectif était de développer un script permettant d’extraire les adresses IP de tout sample Danabot de la même campagne.

Catégories
Challenges Malware Analysis

Z2A Challenge 0x2 | Packed Oski Stealer – Get Lazy !

This week, @OverflOw from Zero 2 Automated course gave us a new challenge. The goal this time is to unpack a sample, find and reverse its string decryption routine and produce a script that will write them into our disassembler.

Catégories
Malware Analysis

MABR 0x02 | Diving into VIDAR’s vengeance

In the last article, we analysed STOP ransomware and discovered all its features. We saw that it is dropping VIDAR to steal data on victims computers prior to encrypt them. We will now see how VIDAR works. But first, let take a quick look of the executable that STOP dropped before VIDAR.

Catégories
Malware Analysis

MABR 0x02 | DoubleTrouble | In The Core of the Ransomware

During the previous article, we saw the process of unpacking the first stage of the malware. Aside a fairly new anti-debugging technique and process hollowing, this step wasn’t hard. Now that we have successfully unpacked the first stage, let’s jump into it to see its main behaviour.

I will try to be as consice as possible, but trust me, this malware is full of interesting functions.

Catégories
Malware Analysis

MABR 0x02 | DoubleTrouble – Analysis of STOP Ransomware & Vidar Stealer | Unpacking

Back to malware analysis, i recently decided to analyse a completely random sample (as long as it isn’t .NET lol) found on MalwareBazaar, this sample appears to be STOP ransomware.

Catégories
Malware Analysis

Malware Analysis by a Rookie | 0x01 Emotet Malicious Doc

Après avoir lu beaucoup d’articles concernant les agissements du groupe cyber-criminel Emotet et son malware éponyme, j’ai enfin l’opportunité de l’analyser de mes propres mains, un sample tout frais sorti d’une boîte mail de mon entreprise.