VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
With the latest release of our flagship platform for malware analysis, VMRay Analyzer 3.1, we are enhancing enterprise security in four broad areas: providing greater platform coverage, improved scalability, additional access security, and greater detection efficacy. In Version v3.1 we have: Mapped malicious behavior to the industry-standard MITRE ATT&CK framework,
2019-07-10
Intelligent Monitoring captures everything that’s relevant and only what’s relevant, so your Security Team can focus on what’s most critical & essential. In explaining what had motivated his team to switch to VMRay Analyzer, a customer told us, “It’s not about getting our analysts started with malware analysis. It’s getting
In this era of Ransomware attacks and Zero Day attacks, it’s easy to forget about pervasive threats like Banking Trojans which have been around for some time. These same threats have evolved significantly over the past years, constantly presenting new challenges to security teams. In this post—condensed from a SANS
2019-06-25

Ursnif is a group of malware families based on the same leaked source code. When fully executed Urnsif has the capability to steal banking and online account credentials. In this blog post, we will analyze the payload of a Ursnif sample and demonstrate how a malware sandbox can expedite the

2019-05-29
Indicators of compromise (IOCs) are essential pieces of information security teams use to improve detection and response times. With VMRay’s Intelligent Monitoring technology, IOCs extracted from an analysis are noise-free and provide relevant data for teams to import into their existing security tools. Our out-of-the-box integration with ThreatConnect allows you
2019-05-28
“We are really into the tech. It makes our day if we can detect malware that no one else can.” Continuing our run of podcast interviews, our CEO & Co-Founder Carsten Willems recently featured on the Risky Business Podcast. For over a decade Risky Biz has been one of the
URLs are a ubiquitous infection vector. Embedded in emails, documents, and webpages, they are encountered early and often in the infection cycle. In addition to hosting exploits and delivering malicious files, they also play a major role in concealing threats and attacks by misdirecting analysis tools and security professionals. To
In a recent major update of our flagship platform, VMRay Analyzer 3.0, we made dramatic improvements in the system’s memory dumping capabilities. In an automated approach we call smart memory dumping, VMRay Analyzer now triggers more frequent and more relevant memory dumps to capture a comprehensive view of malware characteristics
2019-04-30
Email phishing continues to be the most prevalent infection vector confronting enterprise security teams today. And with no end in sight to email-driven cybercrime, VMRay has been enhancing its email integration options, most recently with the introduction of IR Mailbox, an add-on feature to VMRay Analyzer and VMRay Detector. IR
2019-04-09
SOC teams are often overwhelmed by the flood of known and suspected malware coming at them from every direction. Web and email gateways, endpoints and other systems all feed into the fire hose of suspicious files sent to the SOC—and all those potential threats need to be vetted ASAP. The
Like a modern Superbug that has grown resistant to conventional antibiotics, malware today has evolved rapidly and become increasingly complex. While much has been written about malware’s ability to evade sandboxes, little has been made of the specific techniques malware authors are employing to evade detection. In this post—condensed from
Typical enterprise security architectures involve tools and products from multiple vendors. An unfortunate reality is these tools and products are not designed to work together out-of-the-box. The Splunk Adaptive Response Framework solves this challenge by connecting all of these products through pre-configured actions. Security teams using the VMRay Add-On for
With today’s release of VMRay Analyzer 3.0, we’ve set a new standard of performance and accuracy with our flagship solution for automated malware analysis and detection. With version 3.0 security teams can quickly analyze and detect advanced, zero-day and targeted malware—and initiate incident response—stopping attacks and threats that other technologies
Israeli cybersecurity company CyberInt provides Managed Detection and Response (MDR) services using an innovative approach that leverages both inside-out and outside-in visibility into a customer’s infrastructure. We’ve recently partnered with CyberInt to provide their customers with rapid detection at scale for the tens of thousands of malware samples they see
2019-01-23
Guest post by Limor Wainstein, Technical Writer & Editor at Agile SEO. IT security professionals have to deal with preventing and managing a variety of network security risks in their daily work, including cybercrime, the compromise of sensitive data, and service outages. The first line of defense is always prevention,
2019-01-08
For malware authors, an important part of their strategy is to drown target organizations with a fire hose of constantly changing information. SOC teams struggle to keep pace with attackers’ ability to rapidly generate new malware variants, new URLs leading to infected websites, and new C2 (command & control) server
While InfoStealers are hardly new, some recent developments have made them far more pervasive, more sophisticated, and more challenging to detect. In this post—condensed from a SANS webcast that he participated in— VMRay Product Manager Rohan Viegas along with SANS analyst Jake Williams discuss the mechanics of how InfoStealers work,
Malware authors regularly create campaigns to target victims in specific countries. Recent examples using location-based malware include two campaigns that delivered banking trojans to customers of financial institutions in Brazil and the Danabot malware campaign that targeted users in Australia and Europe. Such attacks are often meticulously crafted. The phishing
2018-11-27
Any time you incorporate a major new component—such as a sandbox platform—into your security ecosystem, it’s important to do a rigorous, side-by-side evaluation of competing products to determine the best choice for your situation. But a proof of concept is about more than detection rates and vendor scores. It’s also
2018-11-15
GandCrab is one of the most prevalent ransomware families in 2018. In this post—condensed from a SANS webcast that he participated in— VMRay Product Manager Rohan Viegas discusses the fundamental techniques GandCrab uses to encrypt user’s files and basic detection methods that can provide the first line of defense against

Using VMRay Analyzer to get a full picture of attacker activity Tyler Fornes, a Senior Security Analyst at Expel, explains how his team uses VMRay Analyzer to quickly analyze suspicious or malicious files that have been identified in a client’s environment. The most significant result: Investigation times can be cut

2018-10-10
“The information VMRay Analyzer surfaced was exactly what we needed.” A little while ago our team traveled down to Herndon, VA to visit the offices of our partner Expel and hear first hand how they were using our technology for their MSSP offering. Expel’s CTO Matt Peters explained to us
2018-10-10

In our recent Partner Perspectives blog post with Carbon Black, we detailed how our out-of-the-box integration with Cb Response allows Computer Incident Response Teams (CIRTs) to be more effective with incident response and proactiveness during threat hunting. To further demonstrate our integration, we created a short video showing how Cb

2018-10-03
In this blog post, we’ll walk through the first version of the VMRay Analyzer IDA Plugin, which uses the output of VMRay Analyzer to enrich IDA Pro static analysis with behavior-based data. The plugin adds comments to dynamically-resolved API calls within IDA to show the resolved function, its parameters, return
2018-09-18
About InQuest InQuest provides a data acquisition and analysis platform. Providing network defenders with capabilities to block attacks, detect sophisticated breaches, discover sensitive data leaks, and hunt for otherwise unseen campaigns. Built out of necessity and touting a feature-set driven by seasoned SOC analysts with over 15 years of hands-on
Hello everyone, My name is Tobias Scharnowski (@ScepticCtf). I’m a student employee at VMRay and a member of FluxFingers, the official Capture the Flag (CTF) team at Ruhr University Bochum (RUB), supported by VMRay and also part of the German team, Sauercloud. This August, my FluxFingers teammates and I traveled
[Editor’s Note: This post was updated on May 19th, 2020] In the daily war against malware authors, incident response teams (CIRTs) need a comprehensive yet versatile sandbox as part of their automated malware analysis process. This provides the performance, scalability, and accuracy needed to handle the onslaught of malware-related threats.
According to Microsoft’s 2016 Threat Intelligence Report, 98% of Office-targeted threats use macros. So, shouldn’t we just focus our efforts on detecting threats that leverage macros? Of course not. Attackers will constantly innovate. Finding ways to bypass existing security solutions and making malware easy to execute are top of mind
2018-07-13
At the core of VMRay Analyzer is our dynamic analysis engine. Built on an agentless hypervisor-based approach, it delivers unparalleled detection efficacy and evasion resistance. In Version 2.0, we added a rapid reputation engine allowing malware analysts and incident response (DFIR) professionals to quickly identify not only known threats but
2018-06-18
In hindsight, it looks like Carsten Willems and Ralf Hund, the co-founders of VMRay, were destined to follow the same path for an extended period in their lives. Since first meeting in 2007, they have studied alongside each other, collaborated on groundbreaking research, started a company (VMRay), based in their
Vmray threatfeed

Latest Malware Analysis Reports

Get The Latest Update

Subscribe to our newsletter

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Proudly Presenting: UniqueSignal
VMRays New Threat Intelligence feed -
Actionable Malware Intelligence, Without The Noise

60 Days Free Trial – Available for a limited time