Categories
Malware Analysis

MABR 0x02 | DoubleTrouble | In The Core of the Ransomware

In the previous article, we walked through unpacking the first stage of the malware. Aside from a fairly new anti-debugging technique and process hollowing, this step wasn't hard. Now that the first stage has been successfully unpacked, let's jump into it to see its main behaviour.

I will try to be as concise as possible, but trust me, this malware is full of interesting functions.

Categories
Malware Analysis

MABR 0x02 | DoubleTrouble – Analysis of STOP Ransomware & Vidar Stealer | Unpacking

Back to malware analysis: I recently decided to analyse a completely random sample (as long as it isn't .NET lol) found on MalwareBazaar. This sample appears to be STOP ransomware.