VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!

Overview A new malware family called Stealc was released recently, which is a Spyware designed to copy files, credentials and other sensitive information from the victim’s hard drive and make them available to the attacker. It also employs a variety of techniques to evade detection, including one technique based on

Introduction With this article, we are ready to share a new series of posts that will reveal the latest signature and detection changes. Constant research into the threat landscape is vital to VMRay products – DeepResponse, FinalVerdict and TotalInsight – as it allows us to react to the latest malware developments

Introduction Historically, leveraging shared threat intelligence for malware detection has presented significant challenges to security teams. These challenges stem from the ever-evolving nature of malware threats, as well as the need for timely and accurate intelligence sharing among relevant parties. Traditional hash-based indicators, which rely on precise matches, frequently fall

Introduction Finally, spring has come to our headquarters, bringing a fresh and new start. The freshness came around to VMRay’s products, too, as we are proud to introduce our new product portfolio that aims to boost the productivity of security operations. You will find more information on our products further

Introduction As threat actors continue to evolve their tactics for distributing malware, we’ve been hard at work to stay on top of the latest trends to ensure the VMRay platform can effectively analyze new file formats. One such attack trend that has gained popularity among threat actors is OneNote attachments. Microsoft

Introduction Just before closing off the year 2022, a new ransomware called CatB appeared on VirusTotal. Compared to other ransomware, this new malware family gets shipped with unique characteristics that make this recent market joiner interesting: Before the ransomware is executed, its loader component performs basic evasion checks to ensure

Introduction We know malware doesn’t take a day off, but we hope you will enjoy the winter holiday season. Welcome back, and let’s start the new year with another awesome release of VMRay Analyzer. The first news is improving our release versioning convention. The release name now reflects a chronological

Introduction The ML series blog posts we recently published focused on the details of creating ML models addressing VMRay’s defined use case, which is enhancing its phishing URL detection. In this series, we tackled how we engineered features (i.e. feature engineering) to be used in model training, using the clean output

Introduction In April of 2022 we observed new Emotet samples which implemented considerable changes to the way they store and decode their configuration. For Emotet, the relevant information stored in a config file is the IP address and a port number. Each of them is stored in the form of

Introduction The major focus of the VMRay Platform v4.7 release is its enhanced support for security automation. We’ve also made some improvements to the platform’s core capabilities. Here are some of the highlights: New dashboard to ease customers’ journey towards full security automation with VMRay. Enhancements to the IR Mailbox

Introduction The malware threat landscape is constantly shifting towards advanced and targeted cyber attacks. It’s hard to balance the increasing need for a higher level of detection against overwhelming your teams with a higher volume and frequency of alerts, which leads to alert fatigue. It’s not just about detecting

Introduction In this Spotlight, we take another look at GuLoader. The malware family has been active since at least 2020. It gained some attention because of its evasion techniques and its abuse of legitimate and popular cloud services to host its malicious payloads. The downloader is commonly used to deliver other malware families

For the last 10 years I worked in the EU and Asia-Pacific regions, but in 2021, I became the Chief Information Security Officer (CISO) for a regional US Bank. This new experience has been both challenging and exciting. Below are five key lessons learned from my first year as a

The VMRay Platform v4.6.0 release incorporates several new features and enhancements to help CERT and incident response teams enhance the efficiency of their operations. Here are some of the highlights: Improved overviews of manual searches conducted by enterprise SOC teams and managed security services providers (MSSPs). Support for macOS Big

Why (and which) data is essential to create a reliable Machine Learning model? Machine Learning Blog Post Series – 4: By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Why we need Machine Learning in Cybersecurity, and

Introduction VMRay Analyzer version 4.5 adds the capability to extract malware configurations. In this blog post we take a deep dive into malware configurations: what are they, how can they be used, and how VMRay Analyzer extracts and presents them. How Do I Use an Extracted Malware Configuration? The configuration

Why do we need Machine Learning in cybersecurity and how can it help? Machine Learning Blog Post Series – 3 By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Data – The fuel that powers Machine Learning

Introduction Artificial intelligence, and more precisely machine learning (ML), has become an almost omnipresent topic in the tech industry over the last decade. ML is applied to all kinds of problems, from image and speech recognition, online fraud detection, up to stock market predictions. It seems just natural to also

Writing this introduction for the Platform 4.5.0 release has been a thrill, considering its incredible content. Yet, it wasn’t an easy task. How can you find a common theme for a release that includes two new, yet different, major capabilities? One, a breakthrough in phishing detection using Machine Learning. Two,

Editor’s Note: This post was updated on February 6, 2018. Editor’s Note: This post was updated on October 16, 2019. VM Detection – Passing the Pafish Test Paranoid Fish (pafish) is a tool for detecting malware analysis environments, replicating what malware will do in the wild to detect if it

The Main Concepts of AI and Machine Learning: An Overview By Martin Rupp Blog Series 1: Machine Learning and Cyber Security: An Introduction The WEF forecasts the global value of AI in cyber security to grow up to 46 billion

Blog Series The Main Concepts of AI and Machine Learning Why do we need Machine Learning in Cybersecurity, and how can it help? Data: The fuel that powers Machine Learning AI is everywhere. Its usage is most often connected with virtual assistants such as Cortana or Siri for example or

Malware Analysis Spotlight: Tried and Tested – Smoke Loader By the VMRay Labs Team Smoke Loader is a downloader which is capable of downloading and deploying other payloads, or downloading additional plugins. Its plugins offer functionality related to, for example, credentials and cookie stealing, DDoS, or remote access. It’s been

Using Malware Sandboxes for Initial Triage and Incident Response By Koen Van Impe Learn from this practical case study how VMRay Analyzer helped with getting an accurate and noise-free analysis for initial triage and obtaining the relevant indicators of compromise for faster incident response. Computer security is a fast moving

Emotet’s Use of Cryptography Presented by the VMRay Labs Team The group behind Emotet is the prime example of a very successful criminal enterprise. Emotet started out as a banking malware but over time evolved into a large botnet providing something akin to a malicious IaaS (Infrastructure-as-a-Service). It started providing

Basic Automation with the VMRay API By Koen Van Impe Learn more about integrating VMRay Analyzer in different areas of your organizations and how to use its API to automate the submission and processing of the analysis of malware. According to a report from Honeywell the use of USB removable

XLoader’s Cross-platform Support Utilizing XBinder From the VMRay Labs Team Introduction Lately, a rebranded version of the stealer FormBook named XLoader has emerged. In contrast to FormBook, which targets Windows only, XLoader supports macOS as well. During our research, we observed Office documents, which exploit vulnerabilities in MS Office products,

Phishing Kit Kuzuluy Impersonating PayPal In this Malware Analysis Spotlight, we will take a look at a phishing kit related to Kuzuluy, also known as KuzuluyArt. According to Twitter user MaelSecurity, there was a Phishing-as-a-Service associated with Kuzuluy impersonating PayPal in late 2019. At the time of our research, the

Investigating Cyber Incidents Using the Security Stack By Kenneth Vignali, Incident Response Expert As a seasoned digital forensic and incident responder, I have come to appreciate the value of certain logs from parts of an organization’s security stack. Before investigating any cyber incident, it is extremely critical to ensure that

About a decade ago, in the good old “just SIEM it” days, the SOC was typically measured on quantity – the number of alerts validated, number of investigations escalated, number of infections mitigated, and so on. The challenges were how to make the SIEM work better – aggregation of events,

Executive Summary The ongoing shift to cloud-based offerings – SaaS, IaaS and PaaS – provides major advantages to customers. These include fast deployments, a modern & effective environment and enhanced security capabilities that traditional IT organizations cannot deliver on their own, due to high investment costs, fast-changing technology and gaps

Expanded Alliance Extends Distribution Agreement with Ingram Micro for Fast-Growing Provider of Malware Analysis and Detection Solutions Boston, MA – March 3, 2021 – VMRay, a provider of automated malware analysis and detection solutions, today announced it has expanded its strategic alliance with Ingram Micro Inc., the world’s largest distributor

In this Malware Analysis Spotlight, we are investigating a variant of the phishing kit created by Xbalti. Originally, there were two phishing kits developed by Xbalti. The first one is targeting Chase Bank customers, while the other one, which is the topic of this spotlight is targeting Japanese Amazon customers.

For organizations of all sizes, cyber attacks are not a matter of if, but when. Given that an organization is going to experience security incidents, attacks and even breaches, a cyber incident response team and plan is critical. In a sophisticated threat landscape, what are the key considerations to building

As the cyber-threat landscape evolves and data breaches become more common, incident response has become more critical than ever. A CSIRT (Computer Security Incident Response Team) is a body of people assigned with the responsibility of responding to and minimizing the impact of any incidents that affect the organization. This

Introduction – Sign In To Continue Engineers have put a lot of work into making today’s websites effortless to browse. When we browse the web, we typically reach the function of a website we want without ever thinking about what we need to click. Websites present their options clearly, and

When it comes to incident response, the quicker a business deals with the threat, the better. It’s not just about being able to respond in a timely manner, it’s also about having the right persons and plan in place to deal with the event effectively. How to Build An Effective

VMRay Now Defends your Business and Brand with ETD In case you missed it, the world of cybersecurity changed over the last six months. McKinsey put it politely this way in a recent report: security teams “must no longer be seen as a barrier to growth but rather become recognized

Today, organizations of all sizes are targets of cyber threats. There is always the ominous risk that cybercriminals can gain access to an organization’s network – which is still, despite all efforts of moving data to the cloud, the central backbone of many organizations’ infrastructure. Once an attacker is

Introduction In this Malware Analysis Spotlight, we will take a look at a phishing attempt targeting customers of the popular US-based bank Chase. We discovered the URL of the phishing page at the end of March 2021 and found several similar pages. The phishing page uses JQuery and Ajax to

Introduction In this Malware Analysis Spotlight, we’ll share our research about a phishing kit that was used at the end of March to steal banking information of Polish users of the OnLine eXchange (OLX) trading platform. We are referring to the phishing kit as Blackhat_Coder based on the Telegram user

Hancitor can be grouped into the category of downloaders that are often responsible for delivering further malware families into a compromised network. Recently, it has been observed delivering the Ficker Stealer, Cobalt Strike, and the Cuba ransomware among others. It is usually distributed to the victim via malicious spam campaigns

Agent Tesla is a spyware that has been around since 2014. It’s in active development, constantly being updated and improved with new features, obfuscation, and encryption methods. The malware is sold as a service with a relatively cheap licensing model, which makes it particularly easy to use and can explain

This blog post introduces VMRay’s novel technique for TLS traffic decryption, which is implemented in the hypervisor, without any modifications to the virtual machine. This approach doesn’t modify the traffic like Man-in-the-Middle-based decryption that sandboxes typically use and doesn’t come with the restrictions of API hooking-based solutions. Background – Why

With the release of version 4.0 last year, the VMRay Platform took a huge leap forward and further solidified itself as the preeminent software for SOC and CERT teams that need automated analysis and detection of advanced threats. Version 4.1 further rounded out the offering with incremental yet significant enhancements,

In this Malware Analysis Spotlight, we will assume the role of a threat researcher tasked with analyzing, categorizing, and classifying an unknown malicious sample. We will analyze the unknown sample in a malware sandbox to jumpstart the process. Our unknown sample in this Spotlight is the information stealer, Raccoon (also

When malware source code is leaked into the wild, opportunistic malware authors will often be quick to analyze and repurpose the code to create new variants of their own malware, providing another avenue for them to escape detection. This post, condensed from a SANS webcast featuring SANS Analyst Jake Williams

Bochum, Germany – February 17, 2021 – VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed a distribution agreement for the Israeli market with Multipoint GROUP, a leading distributor of IT security and Internet technology solutions in the Mediterranean region. “Our business is

Recently, Google’s Threat Analysis Group published a blog post about a campaign targeting security researchers, which they attribute to an entity backed by the North Korean government. Using social engineering the attackers try to convince victims to download and open a Visual Studio Project file. This file contains commands that

Bochum, Germany – January 20, 2021 – VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed a strategic partnership with EliteVAD, one of the largest value-added distributors in the Middle East and Africa. The new distribution agreement expands VMRay’s reach into new markets

Introduction to SocialPhish – An Open-Source Phishing Toolkit In the following Malware Analysis Spotlight, we will take a look at phishing campaigns that are likely generated by abusing an open-source phishing toolkit – SocialPhish. SocialPhish’s README states that at least some of its phishing templates were generated by SocialFish (another

This week the team at SentinelLabs released an in-depth analysis of macOS.OSAMiner, a Monero mining trojan infecting macOS users since 2015. The authors of macOS.OSAMiner used run-only AppleScripts which made attempts at further analysis more difficult. In 2020, the SentinelLabs Team discovered that the malware authors were evolving their evasion

Former Cofense Sales Executive Joins Leading Malware Analysis and Detection Solutions Company to Drive Growth in the Americas Region Boston, MA – Jan 13, 2021 – VMRay, a provider of automated malware analysis and detection solutions, today announced the appointment of Marcus Conroy as its new Vice President of Sales

Bochum, Germany – Dec 22, 2020 – VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed an agreement with Factor Group, one of the largest value-added distributors in the Russian Federation. The new agreement will allow Factor Group to resell and integrate VMRay’s

In this Malware Analysis Spotlight, we analyze the Berserker variant of Hentai Oniichan Ransomware. We’ve observed at least two different variants of Hentai Oniichan Ransomware in-the-wild, King Engine, and Berserker. What we found interesting in our analysis of the Berserker variant is its attempts to make recovery difficult by deleting

Digital+ Partners Leads Continuation Funding Round in Growing Automated Threat Analysis & Detection Provider, Closing its Series B Round at US $25 Million Bochum, Germany – Dec 10, 2020 – VMRay, a provider of automated threat analysis and detection solutions, today announced that it has closed the second round of

Something New to Usher in the New Year As the world prepares to say “Goodbye (and good riddance!) to 2020,” VMRay is looking ahead to the New Year by unveiling VMRay Platform Release v4.1.0, which builds on major innovations introduced in September. VMRay Platform v4.1.0 incorporates dozens of new