ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
Try VMRay
,

Explained: Smart Memory Dumping

In a recent major update of our flagship platform, VMRay Analyzer 3.0, we made dramatic improvements in the system’s memory dumping capabilities. In an automated approach we call smart memory dumping, VMRay Analyzer now triggers more frequent and more relevant memory dumps to capture a comprehensive view of malware characteristics
Read More

Empowering Email Users with Abuse Mailbox

Email phishing continues to be the most prevalent infection vector confronting enterprise security teams today. And with no end in sight to email-driven cybercrime, VMRay has been enhancing its email integration options, most recently with the introduction of IR Mailbox, an add-on feature to VMRay Analyzer and VMRay Detector. IR
Read More

Introducing VMRay Detector: High-Precision Threat Detection at Scale

SOC teams are often overwhelmed by the flood of known and suspected malware coming at them from every direction. Web and email gateways, endpoints and other systems all feed into the fire hose of suspicious files sent to the SOC—and all those potential threats need to be vetted ASAP. The
Read More
,

SANS Webcast Recap: Dissecting Popular Malware Evasion Techniques

Like a modern Superbug that has grown resistant to conventional antibiotics, malware today has evolved rapidly and become increasingly complex. While much has been written about malware’s ability to evade sandboxes, little has been made of the specific techniques malware authors are employing to evade detection. In this post—condensed from
Read More
,

Reducing Incident Response Times with Splunk Adaptive Response

Typical enterprise security architectures involve tools and products from multiple vendors. An unfortunate reality is these tools and products are not designed to work together out-of-the-box. The Splunk Adaptive Response Framework solves this challenge by connecting all of these products through pre-configured actions. Security teams using the VMRay Add-On for
Read More
,

VMRay Analyzer 3.0: Raising the Bar for Automated Malware Analysis & Detection

With today’s release of VMRay Analyzer 3.0, we’ve set a new standard of performance and accuracy with our flagship solution for automated malware analysis and detection. With version 3.0 security teams can quickly analyze and detect advanced, zero-day and targeted malware—and initiate incident response—stopping attacks and threats that other technologies
Read More
,

How CyberInt Uses VMRay to Stay One-Step Ahead of Threat Actors

Israeli cybersecurity company CyberInt provides Managed Detection and Response (MDR) services using an innovative approach that leverages both inside-out and outside-in visibility into a customer’s infrastructure. We’ve recently partnered with CyberInt to provide their customers with rapid detection at scale for the tens of thousands of malware samples they see
Read More

Are You Ready for the Next Attack? 5 Tweaks to Your Incident Response Plan

Guest post by Limor Wainstein, Technical Writer & Editor at Agile SEO. IT security professionals have to deal with preventing and managing a variety of network security risks in their daily work, including cybercrime, the compromise of sensitive data, and service outages. The first line of defense is always prevention,
Read More

Now, Near, Deep: The Power of Multi-Layered Malware Analysis & Detection

For malware authors, an important part of their strategy is to drown target organizations with a fire hose of constantly changing information. SOC teams struggle to keep pace with attackers’ ability to rapidly generate new malware variants, new URLs leading to infected websites, and new C2 (command & control) server
Read More
,

SANS Webcast Recap: Infection to Remediation – Exploring the InfoStealer Kill Chain

While InfoStealers are hardly new, some recent developments have made them far more pervasive, more sophisticated, and more challenging to detect. In this post—condensed from a SANS webcast that he participated in— VMRay Product Manager Rohan Viegas along with SANS analyst Jake Williams discuss the mechanics of how InfoStealers work,
Read More
,

Analyzing Location-Based Malware with Geo Anonymization

Malware authors regularly create campaigns to target victims in specific countries. Recent examples using location-based malware include two campaigns that delivered banking trojans to customers of financial institutions in Brazil and the Danabot malware campaign that targeted users in Australia and Europe. Such attacks are often meticulously crafted. The phishing
Read More

6 Best Practices for your Malware Sandbox Proof of Concept

Any time you incorporate a major new component—such as a sandbox platform—into your security ecosystem, it’s important to do a rigorous, side-by-side evaluation of competing products to determine the best choice for your situation. But a proof of concept is about more than detection rates and vendor scores. It’s also
Read More

SANS Webcast Recap: Dissecting GandCrab Ransomware

GandCrab is one of the most prevalent ransomware families in 2018. In this post—condensed from a SANS webcast that he participated in— VMRay Product Manager Rohan Viegas discusses the fundamental techniques GandCrab uses to encrypt user’s files and basic detection methods that can provide the first line of defense against
Read More
,

How Expel Gets Answers, Not Alerts

Using VMRay Analyzer to get a full picture of attacker activity Tyler Fornes, a Senior Security Analyst at Expel, explains how his team uses VMRay Analyzer to quickly analyze suspicious or malicious files that have been identified in a client’s environment. The most significant result: Investigation times can be cut

Read More

How VMRay Analyzer Powers MSSPs & MDRs

“The information VMRay Analyzer surfaced was exactly what we needed.” A little while ago our team traveled down to Herndon, VA to visit the offices of our partner Expel and hear first hand how they were using our technology for their MSSP offering. Expel’s CTO Matt Peters explained to us
Read More

Effectively Responding to a Security Breach with Cb Response

In our recent Partner Perspectives blog post with Carbon Black, we detailed how our out-of-the-box integration with Cb Response allows Computer Incident Response Teams (CIRTs) to be more effective with incident response and proactiveness during threat hunting. To further demonstrate our integration, we created a short video showing how Cb

Read More

Introducing the IDA Plugin for VMRay Analyzer

In this blog post, we’ll walk through the first version of the VMRay Analyzer IDA Plugin, which uses the output of VMRay Analyzer to enrich IDA Pro static analysis with behavior-based data. The plugin adds comments to dynamically-resolved API calls within IDA to show the resolved function, its parameters, return
Read More

Improving Cyber Resilience with VMRay + InQuest

About InQuest InQuest provides a data acquisition and analysis platform. Providing network defenders with capabilities to block attacks, detect sophisticated breaches, discover sensitive data leaks, and hunt for otherwise unseen campaigns. Built out of necessity and touting a feature-set driven by seasoned SOC analysts with over 15 years of hands-on
Read More
,

DEF CON CTF Finals: An Inside View

Hello everyone, My name is Tobias Scharnowski (@ScepticCtf). I’m a student employee at VMRay and a member of FluxFingers, the official Capture the Flag (CTF) team at Ruhr University Bochum (RUB), supported by VMRay and also part of the German team, Sauercloud. This August, my FluxFingers teammates and I traveled
Read More
,

How to Use Interactive Malware Analysis with VMRay Analyzer

[Editor’s Note: This post was updated on May 19th, 2020] In the daily war against malware authors, incident response teams (CIRTs) need a comprehensive yet versatile sandbox as part of their automated malware analysis process. This provides the performance, scalability, and accuracy needed to handle the onslaught of malware-related threats.
Read More
,

Forgotten MS Office Features Used to Deliver Malware

According to Microsoft’s 2016 Threat Intelligence Report, 98% of Office-targeted threats use macros. So, shouldn’t we just focus our efforts on detecting threats that leverage macros? Of course not. Attackers will constantly innovate. Finding ways to bypass existing security solutions and making malware easy to execute are top of mind
Read More

VMRay Analyzer v2.3: Pairing Superior Performance with Exceptional Detection Efficacy

At the core of VMRay Analyzer is our dynamic analysis engine. Built on an agentless hypervisor-based approach, it delivers unparalleled detection efficacy and evasion resistance. In Version 2.0, we added a rapid reputation engine allowing malware analysts and incident response (DFIR) professionals to quickly identify not only known threats but
Read More

How Parallel Lives Converged to Create VMRay

In hindsight, it looks like Carsten Willems and Ralf Hund, the co-founders of VMRay, were destined to follow the same path for an extended period in their lives. Since first meeting in 2007, they have studied alongside each other, collaborated on groundbreaking research, started a company (VMRay), based in their
Read More

The Evolution of GandCrab Ransomware

[Editor’s Note: This post was updated on July 9th, 2018 with analysis of Gandcrab v4] Like legitimate commercial software, commercial malware also needs a viable business model. For ransomware, the most popular business model is now Ransomware-as-a-Service (RaaS). RaaS focuses on selling ransomware as an easy-to-use service, opening up a
Read More

Beyond the EU, GDPR Creates New Risks and Obligations

At the recent RSA Conference in San Francisco, I spent a good deal of time meeting with VMRay partners to discuss their preparations for the General Data Protection Regulation (GDPR). The regulation, which takes effect on May 25, creates a new framework for safeguarding the personal data and privacy rights
Read More

Risky Business Podcast: VMRay Analyzer 2.2’s Unparalleled Usability & Seamless High-Volume Analysis

VMRay’s agentless hypervisor-based analyzer was featured on the latest Snake Oilers episode of the Risky Business podcast. I spoke to host Patrick Gray about the guiding philosophy for VMRay Analyzer 2.2: to deliver unparalleled usability and effectiveness for all DFIR specialists and malware analysts, regardless of skill level. We also
Read More

VMRay Malware Analysis Report Recap – February 2018

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past February, our team analyzed Black Ruby ransomware, Cobalt Strike Beacon and a Javascript file attempting to detect VMs via the registry.

Read More
VMRay Analyzer 2.2 – An Improved User Experience for Malware Analysts and Incident Responders

VMRay Analyzer 2.2 – An Improved User Experience for Malware Analysts and Incident Responders

At VMRay, our underlying malware detection and analysis technology clearly sets us apart from the competition. With the release of VMRay Analyzer 2.2, we’ve focused on: improving the user experience enhancing our detection efficacy and providing more valuable threat intelligence to malware analysts and incident responders. The latest release has
Read More
VMRay Malware Analysis Report Recap – February 2018

VMRay Malware Analysis Report Recap – January 2018

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past January, our team analyzed a variant of BigEyes/Lime ransomware, GandCrab ransomware and Lotus Blossom malspam. Click the links below to jump
Read More
,
[Video] Analyzing a Payload Out of Context

[Video] Analyzing a Payload Out of Context

Malware authors have become creative with how they have chosen to package their payload to evade detection. Office documents have been used as a common vector of entry in the following way: a Word document uses a macro to launch PowerShell and download a malicious payload. While detonating the original
Read More
VMRay Analyzer Adds Sophos URL Threat Intelligence Service for Enhanced Detection of Malicious Websites

VMRay Analyzer Adds Sophos URL Threat Intelligence Service for Enhanced Detection of Malicious Websites

Our core belief at VMRay is to provide DFIR Specialists and Incident Responders with the most comprehensive analysis on the market. Since the introduction of our Reputation Engine in VMRay Analyzer 2.0, we’ve delivered a comprehensive one-two punch for analysts to quickly diagnose and triage malicious files. Today, we are
Read More
,
Our Statement on Spectre and Meltdown

Our Statement on Spectre and Meltdown

Spectre and Meltdown are attack methodologies enabled by fundamental processor design principles. In particular, they exploit unwanted side effects of caching, speculative/out-of-order execution, and branch target prediction. These features are part of most modern CPUs (Intel, AMD, ARM) and were widely introduced into production in the 1990s to enhance performance.
Read More

VMRay Malware Analysis Report Recap – December ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past December, our team analyzed a variant of Globeimposter ransomware, a Windows Script File (WSF) that downloads a payload to set-up a
Read More

VMRay Email Sensor: Automated Analysis and Detection of Malicious Email

The average corporate employee will receive 75 emails per day. So it’s no surprise that email is still an integral part of daily business processes. With two-thirds of all malware installed via email attachments in 2016 (according to the Verizon’s 2017 Data Breach Investigations Report), it is critical to ensure
Read More

Risky Business Podcast: Using VMRay Analyzer for Incident Response

Recently, VMRay sponsored the 480th episode of the popular weekly information security podcast, Risky Business. On the podcast, Incident Response Expert Koen Van Impe, spoke to host Patrick Gray about how he uses VMRay Analyzer for automated malware analysis. Koen gave a great overview of the real-world challenges IR practitioners

Read More

VMRay Malware Analysis Report Recap – November ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past November, our team analyzed a malicious Javascript file, the Ordinypt wiper, and a variant of the XZZX Cryptomix ransomware. Click the
Read More

VMRay & Phantom: Protecting Organizations from Malicious Email

The VMRay App for Phantom seamlessly integrates Phantom’s security automation and orchestration platform with VMRay’s agentless malware detection and analysis. This enables security teams to mitigate the risk of potentially malicious files through fast, automated threat detection and analysis. In this video, we present a simple Phantom playbook that automatically
Read More

VMRay Malware Analysis Report Recap – October ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past October, our team analyzed a Word document using a sandbox evasion technique, the execution of shellcode via Dynamic Data Exchange, and
Read More

DDE Ransomware in a Macro-less Word Document

Malware Family: Vortex SHA256 Hash Value: bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 View the Full VMRay Analyzer Report Macros in Microsoft Office have been used extensively by malware authors as a mechanism to download and execute a malicious payload on a system. Defensive measures introduced by Microsoft such as disabling macros by default have not
Read More

Persistent Emotet Malware with a Crafty Social Engineering Technique

Malware Family: Emotet SHA256 455be9278594633944bfdada541725a55e5ef3b7189ae13be8b311848d473b53 View the Full VMRay Analyzer Report With security ever more tightly integrated into operating systems, malware authors often rely on the unwitting participation of an end user to enable malicious action. Social engineering techniques have evolved significantly over the years and last week the VMRay
Read More
,
6 Ways Intelligent Monitoring Improves Malware Analysis Accuracy & Efficiency

6 Ways Intelligent Monitoring Improves Malware Analysis Accuracy & Efficiency

This is the second blog in a two-part series describing how VMRay Analyzer’s Intelligent Monitoring capabilities remove the noise from malware analysis. Read part one. VMRay Analyzer’s hypervisor-based monitoring approach provides total visibility into the behavior of a sample under analysis and enables monitoring only parts of the system related
Read More
,
Intelligent Monitoring: Removing the Noise from Malware Analysis

Intelligent Monitoring: Removing the Noise from Malware Analysis

This blog post is the first in a two-part series describing how VMRay Analyzer’s Intelligent Monitoring capabilities remove the noise from malware analysis. In dealing with potentially malicious files, incident responders and IT security teams are swamped with information in the form of log files, reports, alerts, and notifications. As
Read More
,
Preventing Sandbox Evasion with Randomized Filenames

Preventing Sandbox Evasion with Randomized Filenames

In the malware analysis community, it is common to rename a malware sample to its hash value or add the hash to the filename. This helps analysts easily identify a sample and to store it with a unique filename. This strategy saves time and empowers collaboration. A drawback, however, is
Read More
,
Agentless Detection – Locard’s Exchange Principle Applied to Cybersecurity

Agentless Detection – Locard’s Exchange Principle Applied to Cybersecurity

Marketing departments of Cybersecurity vendors around the globe go into overdrive when they can shout from the rooftops that their solution is ‘agentless’. Sure, that sounds good, but why is this so important? And what is truly agentless? To appreciate the importance of an agentless approach, we’ll go old school
Read More
Poweliks Malware – Filelessly Persistent

Poweliks Malware – Filelessly Persistent

Malware Family: Poweliks Hash Value SHA256: 4727b7ea70d0fc00f96a28de7fa3d97fa 9d0b253bd63ae54fbbf0bd0c8b766bb View the Full Poweliks Malware Analysis Report One of the key features released in VMRay Analyzer v2.1 is the enhanced analysis of fileless malware (also referred to as “non-malware”). Fileless malware is defined by malware analysis expert Lenny Zeltser as “..malware that
Read More
,
Password Protected Word Document Connects to TOR Hidden Service

Password Protected Word Document Connects to TOR Hidden Service

Hash Value SHA256: 3a813df1c8f1e835cc98dd60b799c64e61 db51a259ee30b7235004ccb3c9df64 View the Full Password Protected Word Document Analysis Report Password protected documents are an effective method for malware to bypass anti-virus (AV) and other detection solutions. Typically the AV will not be able to parse the password required from the text of the email used
Read More

VMRay Analyzer v2.1 Enhances Detection Efficacy & Fileless Malware Analysis

In the new release of VMRay Analyzer v2.1, we've enhanced detection efficacy and fileless malware analysis for DFIR Specialists and CERTs.
Read More

Built-In YARA Rulesets for Increased Efficacy and Classification

YARA is an open source tool that helps malware researchers identify and classify malware by family based on known binary patterns and strings. YARA works by ingesting rules and applying them against various elements of the analysis (such as files and registry keys) to flag potentially malicious files and processes.
Read More

Petya/NotPetya/ExPetr Cyber Attack is More Wiper Than Ransomware

Malware Family: (Not)Petya Hash Value SHA256: 027cc450ef5f8c5f653329641ec1fed 91f694e0d229928963b30f6b0d7d3a745 View the Full Petya Analysis Report According to Microsoft, the Petya (also referred to as NotPetya/ExPetr) Ransomware attack started its initial infection through a compromise at the Ukrainian company M.E.Doc, a developer of tax accounting software. We took a closer look and
Read More
404 Error Page Hides RAMNIT.A Worm in the Source Code

404 Error Page Hides RAMNIT.A Worm in the Source Code

Malware Family: Win32/Ramnit Hash Values MD5: 089dc369616dafa44a9f7fefb18e8961 SHA1: c4a2430634b7ca7427d2c055dbbb1fb8cd42a285 SHA256: 4ebafa2738f11d73d06dddf18ce41cf 02c6913f431f2b383f7abaa0d04419f2f Most of the time, links aren’t dangerous without user interaction. Recently, we discovered an innocent-looking link for a JPG picture that prompts a user to activate ActiveX on IE. Leveraging a social engineering technique, if the user activates
Read More
VMRay Analyzer Identifies Resume Containing Evasive Malware

VMRay Analyzer Identifies Resume Containing Evasive Malware

Recently, we received a seemingly innocuous job application with an attached Word document called “resume.doc”. Let’s take a closer look at the malicious behavior embedded in this fake resume. Upon uploading the Word doc into VMRay Analyzer, the signature was sent to our built-in reputation service, where the file hash
Read More
,
‘Close’ Doesn’t Count in Cyber Security

‘Close’ Doesn’t Count in Cyber Security

Even though enterprises spend millions every year on information security they still remain vulnerable to persistent cybercriminals in a world where cybercrime like ransomware is pervasive. Organizations cannot afford to do the “bare minimum” when it comes to threat analysis. As the saying goes, ” ‘close’ only counts in horseshoes
Read More
Jaff Ransomware Hiding in a PDF document

Jaff Ransomware Hiding in a PDF document

The challenge for a malware author today has more to do with creativity than a deep technical understanding. There are plenty of good trojan building tools out there to make the job easier. But once the author has a finished creation, the big challenge is how to get the finished
Read More
Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability

Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability

About one month ago, the Shadow Brokers hacker group published a set of NSA hacking tools, that included zero-day exploits. One of these exploits is known as the ETERNALBLUE Server Message Block Protocol (SMB) vulnerability (MS17-010). It was only a matter of time before the inevitable happened. A malware author
Read More

Anti-Sandboxing Techniques in Cerber Ransomware Can’t Detect VMRay Analyzer

A new variant of Cerber ransomware is in the wild and has built-in anti-sandbox tools to detect hooking-based sandbox environments, as explained in this article by Cyphort. The limitations of a hooking-based approach, where a driver is injected into the target environment and ‘hooks’ API calls, allow the malware to
Read More

Detect, Analyze, Block: Introducing the VMRay App for Phantom

In dealing with potentially malicious files, IT security teams in most organizations are challenged with arduous forensics and mitigation processes that involve a series of manual, repetitive tasks. The VMRay App for Phantom seamlessly integrates Phantom’s security automation and orchestration platform with VMRay’s agentless malware detection and analysis. This enables
Read More

Introducing the VMRay Analyzer Add-On for Splunk

Multi-vendor security frameworks are a reality in virtually every enterprise. InfoSec teams need to manage that reality in order to protect the organization’s assets and data against targeted cyber-attacks and advanced malware. Deploying multi-vendor products means that there can often be challenges related to interoperability and integration. At VMRay, we
Read More

Undetected JScript Dropper Installs Sage Ransomware

A popular method to distribute malware (especially ransomware) is to send a JScript file (*.js) by E-Mail or prompt a user surfing the web to execute a file. The goal of this type of attack is to bypass filtering systems that warn users trying to open attachments with certain file
Read More
,

[Video] Analyzing a Malicious Microsoft Word Document

One of the key features in VMRay Analyzer 2.0 is the built-in reputation engine that identifies known malicious or known benign files in milliseconds. The addition of the reputation engine gives Incident Responders and Malware Analysts a powerful “One-Two” combination of rapid threat detection and detailed analysis of malware behavior.
Read More

Malware Detection and Analysis: Delivering a Knockout Blow to Malware

In boxing, the “One-Two” combination is an essential component of a fighter’s arsenal. A left jab followed by a right cross is one the most effective combinations a fighter can unleash on his opponent. In the fight against malware, it’s just as important for Malware Analysts and Incident Responders to
Read More
Vmray threatfeed

Latest Malware Analysis Reports

Access
Get The Latest Update

Subscribe to our newsletter

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2024 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay