The TA505 threat group uses a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT.
Posts Tagged: reverse engineering
How TrickBot Malware Hooking Engine Targets Windows 10 Browsers
Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Explorer and Edge in Windows 10
Writing Malware Traffic Decrypters for ISFB/Ursnif
Daniel Bunce explains how to decrypt traffic between an attacker’s C2 and an endpoint infected with ISFB malware
Deep Insight into “FIN7” Malware Chain: From Office Macro Malware to Lightweight JS Loader
Vitali Kremez dissecting the ‘Fin7’ malware chain that leverages malicious MS Office Macros and a JS loader.
FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals
Vitali Kremez diving into the FIN6 “FrameworkPOS”, targeting payment card data from Point-of-Sale (POS) or eCommerce systems.
RIG Exploit Kit Chain Internals
Vitali Kremez explaining the RIG Exploit Kit and the infection chain internals that led to the Amadey Stealer and Clipboard Hijacker.