Reversing malware in a custom format: Hidden Bee elements

When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-ste…

Osiris dropper found using process doppelgänging

Process doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use in a dropper of the Osiris banking Trojan. We unpa…

Malwarebytes CrackMe 2: contest summary

About three weeks ago, we published our second CrackMe, which has triggered a lot of interest and many high-quality write-up submissions. In this post, we summarize the contest and comment on the submissions. Whose write-up won? Read on to find o…

Malwarebytes CrackMe 2: try another challenge

Last November, we launched the first Malwarebytes CrackMe. Encouraged by an overwhelmingly positive response, we decided to repeat the game—this time making it even harder and more fun.
Categories: Security world, Technology

PBot: a Python-based adware

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.
Categories: Malware, Th…

Blast from the past: stowaway Virut delivered with Chinese DDoS bot

A recent Chinese drive-by attack dropped Virut, an ancient virus that’s been out of commission since 2013. So what was it doing in this modern attack?
Categories: Malware, Threat analysis
Tags: avzhan, Avzhan DDoS bot, Chinese drive-by attack, DDoS bo…

Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot is back in the wild again, this time being dropped by a Chinese drive-by attack. In this post, we’ll take a deep dive into its functionality and compare the sample we captured with the one described in the past.

A coin miner with a “Heaven’s Gate”

The Heaven’s Gate technique has been around since 2009. But now coin miners are using it to maximize their performance in the target architecture.
Categories: Malware, Threat analysis
Tags: coin miners, Heaven's Gate, malware analysis

How to solve the Malwarebytes CrackMe: a step-by-step tutorial

One of our analysts created a Malwarebytes CrackMe—an exercise in malware analysis—that was released to the community on Twitter and triggered a positive response.

The post How to solve the Malwarebytes CrackMe: a step-by-step tutorial appeared first on Malwarebytes Labs.