Analysis Notes

A place to jot down notes from analyzing malware, and anything I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 33 – 2024 - MALWARE

This entry was generated and posted automatically: it shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that I can skim through and pick out the articles worth checking. 4n6 itself can be found here.

MALWARE

Adam at Hexacorn

Posted on 2024-08-13 by adam Every once in a while you will run into samples that themselves do not run. Some use anti- techniques, some require command line arguments, command line input, others require configuration and/or data files, and then some fail if the specific network resource is no longer available, plus there are some that may be password-protected or their successful payload decryption relies on victim system-specific guardrails… In this post I will look at a slightly different cat...

Any.Run

August 14, 2024. What is an Interactive Malware Sandbox? Today’s malware is complex, and often comes with a wide assortment of evasion methods. Many families got so good at ev...

August 15, 2024. Advanced Process Details: See How Each Process Interacts with the System. When you investigate suspicious files or potential m...

Assaf Morag at Aqua

Arete

8/12/2024. Topics: Arete Analysis, Combating Ransomware, Tips. Executive Summary: Since April 2024, Arete’s Incident Response (IR) team has responded to multiple engagements attributed to the Fog ransomware group. Engagements attributed to this group have been trending up since mid-June and through July 2024, accounting for nearly 20% of Arete’s ransomware and extortion engagements in July. The Fog ransomware group is especially noteworthy as it is one of the few threat actors specifically targeting ...

Blaze’s Security Blog

Today's post is a brief one on some Microsoft Word and sandbox detection / discovery / fun. Collect user name from Microsoft Office: Most sandboxes will trigger somehow or something if a tool or malware tries to collect system information or user information. But what if we collect the user name via the registry and more specifically, what user info Microsoft Office sees? This information is stored in the Current User hive, Software\Microsoft\Office\Common\UserInfo. 10-second code and we can whip up:...

Elastic Security Labs

Beyond the wail: deconstructing the BANSHEE infostealer. The BANSHEE malware is a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets. Preamble: In August 2024, a novel macOS malware named "BANSHEE Stealer" emerged, catching the attention of the cybersecurity community. Reportedly developed by Russian threat actors, BANSHEE Stealer was introduced on an underground forum and is designed to function across both macOS x86_64 and A...

Eduardo Altares and Joie Salvio at Fortinet

By Eduardo Altares and Joie Salvio | August 15, 2024. Affected platforms: Microsoft Windows. Impacted parties: Targeted Windows users. Impact: Compromised machines are under the control of the threat actor. Severity level: Medium. FortiGuard Labs recently encountered an ongoing ValleyRAT campaign specifically targeting Chinese speakers. This malware has historically targeted e-commerce, finance, sales, and management enterprises. V...

G Data Security

08/15/2024 G DATA Blog. Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so? Contents: No detections on VirusTotal does not mean it is undetected; Adding more evasion layers worsens malware evasion; Open source malware: Hard to reverse but easy to detect; What is sophistication anyways?; References. A few days ago, Fortinet pub...

08/16/2024 G DATA Blog. We discovered a new stealer in the wild called "Ailurophile Stealer". The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the website's web panel, its customers are provided the ability to customize and generate malware stubs. Contents: The Web Panel; Stealing capabilities; Stealer Overview; Configuration file; Malware components; KillProcess.php; GetAutoFill.php; Get...

Harfanglab


Christopher Lopez at Kandji

A signed file named TodoTasks was uploaded to VirusTotal on 2024-07-24. This application shares several behaviors with malware we’ve seen that originated in North Korea (DPRK)—specifically the threat actor known as BlueNoroff—such as KandyKorn and RustBucket; given these commonalities, we believe this new malware—which we’re dubbing TodoSwift—is likely from the same source. InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords On July 29, @4n6Bexaminer tweeted about a new macOS steale...

Ben Martin at Sucuri