malware analysis – Page 3 – WindowsTechs.com

The rise of malicious Chrome extensions targeting Latin America

Posted on July 28, 2023 by Itzik Chimino

In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of […]

The post The rise of malicious Chrome extensions targeting Latin America appeared first on Security Intelligence.

Continue reading The rise of malicious Chrome extensions targeting Latin America→

Understanding Remote Access Trojan Software [closed]

Posted on July 18, 2023 by helpless

I am trying to learn more about Remote Access Trojan Software like Quasar.
From the little amount I understand of how a RAT works is that you create an infected exe file and then send this out to your targets. Once they click on this exe f… Continue reading Understanding Remote Access Trojan Software [closed]→

How to analyze code files (Java, PHP, Python) for malicious code? [duplicate]

Posted on July 6, 2023 by Samuel Smith

How can we analyze files like .jar or .php or .py files for malicious code?
I need to automate the analysis process using machine learning. What should be the features in these cases?

Continue reading How to analyze code files (Java, PHP, Python) for malicious code? [duplicate]→

TCP/IP Services Application in Windows 10 and it’s usage as DDoS client

Posted on June 28, 2023 by ZecosMAX

Recently I’ve been hit with a virus which uses ‘Simple TCP/IP services’ in Windows 10. It was using quite a lot of upload bandwidth (pic 1) and sending chargen packets using UDP to several IPs that I checked with wireshark (pic 2)
pic 1:

… Continue reading TCP/IP Services Application in Windows 10 and it’s usage as DDoS client→

Obfuscation Using Python Bytecode

Posted on June 16, 2023 by Roza Maille

1.1 Introduction I love when I get tossed a piece of unique malware. Most of the time, malware is obfuscated using PowerShell or a dropper written in C. This time, however, it was obfuscated using Python. How fun! My first thought when I was asked to look at it was, “It’s Python. I’ll just read…

The post Obfuscation Using Python Bytecode appeared first on TrustedSec.

Continue reading Obfuscation Using Python Bytecode→

The Nightmare of Proc Hollow’s Exe

Posted on June 13, 2023 by Roza Maille

In the last blog on Parent Process ID (PPID) Spoofing, we discussed how to hide the malicious process by giving it a legit parent. In this blog, we are going to discuss yet another method of hiding malicious code, using Process Hollowing. At a high level, this is where malicious code launches a new process,…

The post The Nightmare of Proc Hollow’s Exe appeared first on TrustedSec.

Continue reading The Nightmare of Proc Hollow’s Exe→

PPID Spoofing: It’s Really this Easy to Fake Your Parent

Posted on May 30, 2023 by Roza Maille

1 New Blog Series on Common Malware Tactics and Tricks This will be the first post in a series of blogs covering some common malware tactics and tricks. The following list is of topics that will be discussed in these blogs. However, feel free to reach out if there is topic that is not on…

The post PPID Spoofing: It’s Really this Easy to Fake Your Parent appeared first on TrustedSec.

Continue reading PPID Spoofing: It’s Really this Easy to Fake Your Parent→

How to know if you have downloaded a malware on a virtual machine [duplicate]

Posted on May 15, 2023 by you dont need to know this

First, I’m a complete beginner, my only experience in malware is running windows defender lol. But I will try my best to learn anything that you guys recommend.
My younger brother keeps downloading games from shady websites, thankfully til… Continue reading How to know if you have downloaded a malware on a virtual machine [duplicate]→

OTX alienvault | API | Get new pulses of the last 24h

Posted on May 2, 2023 by bbbdfbfdvbdfvd

I would like to get the "pulses" of the last 24h from the Alienvault OTX API, as a free user.
I tried using /api/v1/pulses/subscribed with the modified_since: parameter. As the name suggests this does not return new pulses, only … Continue reading OTX alienvault | API | Get new pulses of the last 24h→

Ex-Conti and FIN7 Actors Collaborate with New Backdoor

Posted on April 14, 2023 by Charlotte Hammond

Former Conti syndicate and FIN7 members have collaborated to use a new backdoor dubbed “Minodo” to deliver the Project Nemesis infostealer. Explore the intricate nature of cooperation among cybercriminal groups and their members with in-depth analysis from IBM Security X-Force experts.

The post Ex-Conti and FIN7 Actors Collaborate with New Backdoor appeared first on Security Intelligence.

Continue reading Ex-Conti and FIN7 Actors Collaborate with New Backdoor→