Malware Family: Win32/Ramnit Hash Values MD5: 089dc369616dafa44a9f7fefb18e8961 SHA1: c4a2430634b7ca7427d2c055dbbb1fb8cd42a285 SHA256: 4ebafa2738f11d73d06dddf18ce41cf 02c6913f431f2b383f7abaa0d04419f2f View the Full RAMNIT.A Worm Analysis Report Most of the time, links aren’t dangerous without user interaction. Recently, we discovered an innocent-looking link for a JPG picture that prompts a user to activate ActiveX on IE. Leveraging a social engineering technique, if the user […]Read More "404 Error Page Hides RAMNIT.A Worm in the Source Code"
Recently, we received a seemingly innocuous job application with an attached Word document called “resume.doc”. Let’s take a closer look at the malicious behavior embedded in this fake resume. Upon uploading the Word doc into VMRay Analyzer, the signature was sent to our built-in reputation service, where the file hash was queried against known malicious […]Read More "VMRay Analyzer Identifies Resume Containing Evasive Malware"
Even though enterprises spend millions every year on information security they still remain vulnerable to persistent cyber criminals in a world where cybercrime like ransomware is pervasive. Organizations cannot afford to do the “bare minimum” when it comes to threat analysis. As the saying goes, ” ‘close enough’ only counts in horseshoes and hand grenades” and not in […]Read More "‘Close Enough’ Doesn’t Count in Cyber Security"
The challenge for a malware author today has more to do with creativity than a deep technical understanding. There are plenty of good trojan building tools out there to make the job easier. But once the author has a finished creation, the big challenge is how to get the finished product to the victims. Embedding […]Read More "Jaff Ransomware Hiding in a PDF document"
About one month ago, the Shadow Brokers hacker group published a set of NSA hacking tools, that included zero-day exploits. One of these exploits is known as the ETERNALBLUE Server Message Block Protocol (SMB) vulnerability (MS17-010). It was only a matter of time before the inevitable happened. A malware author used this vulnerability to spread ransomware […]Read More "Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability"
A new variant of Cerber ransomware is in the wild and has built-in anti-sandbox tools to detect hooking-based sandbox environments, as explained in this article by Cyphort. The limitations of a hooking-based approach, where a driver is injected into the target environment and ‘hooks’ API calls, allow the malware to easily detect the analysis environment. This […]Read More "Anti-Sandboxing Techniques in Cerber Ransomware Can’t Detect VMRay Analyzer"
In dealing with potentially malicious files, IT security teams in most organizations are challenged with arduous forensics and mitigation processes that involve a series of manual, repetitive tasks. The VMRay App for Phantom seamlessly integrates Phantom’s security automation and orchestration platform with VMRay’s agentless malware detection and analysis. This enables security teams to mitigate the […]Read More "Detect, Analyze, Block: Introducing the VMRay App for Phantom"
Multi-vendor security frameworks are a reality in virtually every enterprise. InfoSec teams need to manage that reality in order to protect the organization’s assets and data against targeted cyber-attacks and advanced malware. Deploying multi-vendor products means that there can often be challenges related to interoperability and integration. At VMRay, we are committed to ensuring that our […]Read More "Introducing the VMRay Analyzer Add-On for Splunk"
A popular method to distribute malware (especially ransomware) is to send a JScript file (*.js) by E-Mail or prompt a user surfing the web to execute a file. The goal of this type of attack is to bypass filtering systems that warn users trying to open attachments with certain file extensions (e.g. .exe) or disallow […]Read More "Undetected JScript Dropper Installs Sage Ransomware"
One of the key features in VMRay Analyzer 2.0 is the built-in reputation engine that identifies known malicious or known benign files in milliseconds. The addition of the reputation engine gives Incident Responders and Malware Analysts a powerful “One-Two” combination of rapid threat detection and detailed analysis of malware behavior. To illustrate the benefits of […]Read More "[Video] Analyzing a Malicious Microsoft Word Document"