Catégories
Malware Analysis

MABR 0x02 | Diving into VIDAR’s vengeance

In the last article, we analysed STOP ransomware and discovered all its features. We saw that it is dropping VIDAR to steal data on victims computers prior to encrypt them. We will now see how VIDAR works. But first, let take a quick look of the executable that STOP dropped before VIDAR.

Catégories
Malware Analysis

MABR 0x02 | DoubleTrouble | In The Core of the Ransomware

During the previous article, we saw the process of unpacking the first stage of the malware. Aside a fairly new anti-debugging technique and process hollowing, this step wasn’t hard. Now that we have successfully unpacked the first stage, let’s jump into it to see its main behaviour.

I will try to be as consice as possible, but trust me, this malware is full of interesting functions.

Catégories
Malware Analysis

MABR 0x02 | DoubleTrouble – Analysis of STOP Ransomware & Vidar Stealer | Unpacking

Back to malware analysis, i recently decided to analyse a completely random sample (as long as it isn’t .NET lol) found on MalwareBazaar, this sample appears to be STOP ransomware.

Catégories
Malware Analysis

Malware Analysis by a Rookie | 0x01 Emotet Malicious Doc

Après avoir lu beaucoup d’articles concernant les agissements du groupe cyber-criminel Emotet et son malware éponyme, j’ai enfin l’opportunité de l’analyser de mes propres mains, un sample tout frais sorti d’une boîte mail de mon entreprise.