Spectre and Meltdown are attack methodologies enabled by fundamental processor design principles. In particular, they exploit unwanted side effects of caching, speculative/out-of-order execution, and branch target prediction. These features are part of most modern CPUs (Intel, AMD, ARM) and were widely introduced into production in the 1990s to enhance performance. As a result, the performance […] Read More: "Our Statement on Spectre and Meltdown"
Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past December, our team analyzed a variant of Globeimposter ransomware, a Windows Script File (WSF) that downloads a payload to set up a server to accept incoming connections […] Read More: "VMRay Malware Analysis Report Recap – December ’17"
Recently, VMRay sponsored the 480th episode of the popular weekly information security podcast, Risky Business. On the podcast, Incident Response Expert Koen Van Impe spoke to host Patrick Gray about how he uses VMRay Analyzer for automated malware analysis. Koen gave a great overview of the real-world challenges IR practitioners face and how automated analysis can […] Read More: "Risky Business Podcast: Using VMRay Analyzer for Incident Response"
The average corporate employee will receive 75 emails per day. So it’s no surprise that email is still an integral part of daily business processes. With two-thirds of all malware installed via email attachments in 2016 (according to Verizon’s 2017 Data Breach Investigations Report), it is critical to ensure that employees and company’s internal […] Read More: "VMRay Email Sensor: Automated Analysis and Detection of Malicious Email"
The VMRay App for Phantom seamlessly integrates Phantom’s security automation and orchestration platform with VMRay’s agentless malware detection and analysis. This enables security teams to mitigate the risk of potentially malicious files through fast, automated threat detection and analysis. In this video, we present a simple Phantom playbook that automatically scans emails received by an […] Read More: "VMRay & Phantom: Protecting Organizations from Malicious Email"
Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past October, our team analyzed a Word document using a sandbox evasion technique, the execution of shellcode via Dynamic Data Exchange, and NotPetya reborn as BadRabbit. Click the […] Read More: "VMRay Malware Analysis Report Recap – October ’17"
Malware Family: Vortex. SHA256 Hash Value: bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9. Macros in Microsoft Office have been used extensively by malware authors as a mechanism to download and execute a malicious payload on a system. Defensive measures introduced by Microsoft such as disabling macros by default have not stopped malware authors as they […] Read More: "DDE Ransomware in a Macro-less Word Document"
Malware Family: Emotet. SHA256 Hash Value: 455be9278594633944bfdada541725a55e5ef3b7189ae13be8b311848d473b53. With security ever more tightly integrated into operating systems, malware authors often rely on the unwitting participation of an end user to enable malicious action. Social engineering techniques have evolved significantly over the years and last week the VMRay Research Team identified […] Read More: "Persistent Emotet Malware with a Crafty Social Engineering Technique"
This is the second blog in a two-part series describing how VMRay Analyzer’s Intelligent Monitoring capabilities remove the noise from malware analysis. Read part one. VMRay Analyzer’s hypervisor-based monitoring approach provides total visibility into the behavior of a sample under analysis and enables monitoring only parts of the system related to the analysis. This makes […] Read More: "6 Ways Intelligent Monitoring Improves Malware Analysis Accuracy & Efficiency"