ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
Try VMRay
2018-06-05

The Evolution of GandCrab Ransomware

[Editor’s Note: This post was updated on July 9th, 2018 with analysis of Gandcrab v4] Like legitimate commercial software, commercial malware also needs a viable business model. For ransomware, the most popular business model is now Ransomware-as-a-Service (RaaS). RaaS focuses on selling ransomware as an easy-to-use service, opening up a
Read More
2018-05-22

Beyond the EU, GDPR Creates New Risks and Obligations

At the recent RSA Conference in San Francisco, I spent a good deal of time meeting with VMRay partners to discuss their preparations for the General Data Protection Regulation (GDPR). The regulation, which takes effect on May 25, creates a new framework for safeguarding the personal data and privacy rights
Read More
2018-03-19

Risky Business Podcast: VMRay Analyzer 2.2’s Unparalleled Usability & Seamless High-Volume Analysis

VMRay’s agentless hypervisor-based analyzer was featured on the latest Snake Oilers episode of the Risky Business podcast. I spoke to host Patrick Gray about the guiding philosophy for VMRay Analyzer 2.2: to deliver unparalleled usability and effectiveness for all DFIR specialists and malware analysts, regardless of skill level. We also
Read More
2018-03-07

VMRay Malware Analysis Report Recap – February 2018

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past February, our team analyzed Black Ruby ransomware, Cobalt Strike Beacon and a Javascript file attempting to detect VMs via the registry.

Read More
2018-02-15
VMRay Analyzer 2.2 – An Improved User Experience for Malware Analysts and Incident Responders

VMRay Analyzer 2.2 – An Improved User Experience for Malware Analysts and Incident Responders

At VMRay, our underlying malware detection and analysis technology clearly sets us apart from the competition. With the release of VMRay Analyzer 2.2, we’ve focused on: improving the user experience enhancing our detection efficacy and providing more valuable threat intelligence to malware analysts and incident responders. The latest release has
Read More
2018-02-07
VMRay Malware Analysis Report Recap – February 2018

VMRay Malware Analysis Report Recap – January 2018

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past January, our team analyzed a variant of BigEyes/Lime ransomware, GandCrab ransomware and Lotus Blossom malspam. Click the links below to jump
Read More
2018-02-01
[Video] Analyzing a Payload Out of Context

[Video] Analyzing a Payload Out of Context

Malware authors have become creative with how they have chosen to package their payload to evade detection. Office documents have been used as a common vector of entry in the following way: a Word document uses a macro to launch PowerShell and download a malicious payload. While detonating the original
Read More
2018-01-31
VMRay Analyzer Adds Sophos URL Threat Intelligence Service for Enhanced Detection of Malicious Websites

VMRay Analyzer Adds Sophos URL Threat Intelligence Service for Enhanced Detection of Malicious Websites

Our core belief at VMRay is to provide DFIR Specialists and Incident Responders with the most comprehensive analysis on the market. Since the introduction of our Reputation Engine in VMRay Analyzer 2.0, we’ve delivered a comprehensive one-two punch for analysts to quickly diagnose and triage malicious files. Today, we are
Read More
2018-01-12
Our Statement on Spectre and Meltdown

Our Statement on Spectre and Meltdown

Spectre and Meltdown are attack methodologies enabled by fundamental processor design principles. In particular, they exploit unwanted side effects of caching, speculative/out-of-order execution, and branch target prediction. These features are part of most modern CPUs (Intel, AMD, ARM) and were widely introduced into production in the 1990s to enhance performance.
Read More
2018-01-09

VMRay Malware Analysis Report Recap – December ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past December, our team analyzed a variant of Globeimposter ransomware, a Windows Script File (WSF) that downloads a payload to set-up a
Read More
2017-12-12

VMRay Email Sensor: Automated Analysis and Detection of Malicious Email

The average corporate employee will receive 75 emails per day. So it’s no surprise that email is still an integral part of daily business processes. With two-thirds of all malware installed via email attachments in 2016 (according to the Verizon’s 2017 Data Breach Investigations Report), it is critical to ensure
Read More
2017-12-12

Risky Business Podcast: Using VMRay Analyzer for Incident Response

Recently, VMRay sponsored the 480th episode of the popular weekly information security podcast, Risky Business. On the podcast, Incident Response Expert Koen Van Impe, spoke to host Patrick Gray about how he uses VMRay Analyzer for automated malware analysis. Koen gave a great overview of the real-world challenges IR practitioners

Read More
2017-12-05

VMRay Malware Analysis Report Recap – November ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past November, our team analyzed a malicious Javascript file, the Ordinypt wiper, and a variant of the XZZX Cryptomix ransomware. Click the
Read More
2017-11-27

VMRay & Phantom: Protecting Organizations from Malicious Email

The VMRay App for Phantom seamlessly integrates Phantom’s security automation and orchestration platform with VMRay’s agentless malware detection and analysis. This enables security teams to mitigate the risk of potentially malicious files through fast, automated threat detection and analysis. In this video, we present a simple Phantom playbook that automatically
Read More
2017-11-07

VMRay Malware Analysis Report Recap – October ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past October, our team analyzed a Word document using a sandbox evasion technique, the execution of shellcode via Dynamic Data Exchange, and
Read More
2017-10-18

DDE Ransomware in a Macro-less Word Document

Malware Family: Vortex SHA256 Hash Value: bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 View the Full VMRay Analyzer Report Macros in Microsoft Office have been used extensively by malware authors as a mechanism to download and execute a malicious payload on a system. Defensive measures introduced by Microsoft such as disabling macros by default have not
Read More
2017-10-17

Persistent Emotet Malware with a Crafty Social Engineering Technique

Malware Family: Emotet SHA256 455be9278594633944bfdada541725a55e5ef3b7189ae13be8b311848d473b53 View the Full VMRay Analyzer Report With security ever more tightly integrated into operating systems, malware authors often rely on the unwitting participation of an end user to enable malicious action. Social engineering techniques have evolved significantly over the years and last week the VMRay
Read More
2017-10-05
6 Ways Intelligent Monitoring Improves Malware Analysis Accuracy & Efficiency

6 Ways Intelligent Monitoring Improves Malware Analysis Accuracy & Efficiency

This is the second blog in a two-part series describing how VMRay Analyzer’s Intelligent Monitoring capabilities remove the noise from malware analysis. Read part one. VMRay Analyzer’s hypervisor-based monitoring approach provides total visibility into the behavior of a sample under analysis and enables monitoring only parts of the system related
Read More
2017-09-27
Intelligent Monitoring: Removing the Noise from Malware Analysis

Intelligent Monitoring: Removing the Noise from Malware Analysis

This blog post is the first in a two-part series describing how VMRay Analyzer’s Intelligent Monitoring capabilities remove the noise from malware analysis. In dealing with potentially malicious files, incident responders and IT security teams are swamped with information in the form of log files, reports, alerts, and notifications. As
Read More
2017-09-21
Preventing Sandbox Evasion with Randomized Filenames

Preventing Sandbox Evasion with Randomized Filenames

In the malware analysis community, it is common to rename a malware sample to its hash value or add the hash to the filename. This helps analysts easily identify a sample and to store it with a unique filename. This strategy saves time and empowers collaboration. A drawback, however, is
Read More
2017-09-05
Agentless Detection – Locard’s Exchange Principle Applied to Cybersecurity

Agentless Detection – Locard’s Exchange Principle Applied to Cybersecurity

Marketing departments of Cybersecurity vendors around the globe go into overdrive when they can shout from the rooftops that their solution is ‘agentless’. Sure, that sounds good, but why is this so important? And what is truly agentless? To appreciate the importance of an agentless approach, we’ll go old school
Read More
2017-08-21
Poweliks Malware – Filelessly Persistent

Poweliks Malware – Filelessly Persistent

Malware Family: Poweliks Hash Value SHA256: 4727b7ea70d0fc00f96a28de7fa3d97fa 9d0b253bd63ae54fbbf0bd0c8b766bb View the Full Poweliks Malware Analysis Report One of the key features released in VMRay Analyzer v2.1 is the enhanced analysis of fileless malware (also referred to as “non-malware”). Fileless malware is defined by malware analysis expert Lenny Zeltser as “..malware that
Read More
2017-08-09
Password Protected Word Document Connects to TOR Hidden Service

Password Protected Word Document Connects to TOR Hidden Service

Hash Value SHA256: 3a813df1c8f1e835cc98dd60b799c64e61 db51a259ee30b7235004ccb3c9df64 View the Full Password Protected Word Document Analysis Report Password protected documents are an effective method for malware to bypass anti-virus (AV) and other detection solutions. Typically the AV will not be able to parse the password required from the text of the email used
Read More
2017-07-17

VMRay Analyzer v2.1 Enhances Detection Efficacy & Fileless Malware Analysis

In the new release of VMRay Analyzer v2.1, we've enhanced detection efficacy and fileless malware analysis for DFIR Specialists and CERTs.
Read More
2017-07-14

Built-In YARA Rulesets for Increased Efficacy and Classification

YARA is an open source tool that helps malware researchers identify and classify malware by family based on known binary patterns and strings. YARA works by ingesting rules and applying them against various elements of the analysis (such as files and registry keys) to flag potentially malicious files and processes.
Read More
2017-07-14

Petya/NotPetya/ExPetr Cyber Attack is More Wiper Than Ransomware

Malware Family: (Not)Petya Hash Value SHA256: 027cc450ef5f8c5f653329641ec1fed 91f694e0d229928963b30f6b0d7d3a745 View the Full Petya Analysis Report According to Microsoft, the Petya (also referred to as NotPetya/ExPetr) Ransomware attack started its initial infection through a compromise at the Ukrainian company M.E.Doc, a developer of tax accounting software. We took a closer look and
Read More
2017-06-19
404 Error Page Hides RAMNIT.A Worm in the Source Code

404 Error Page Hides RAMNIT.A Worm in the Source Code

Malware Family: Win32/Ramnit Hash Values MD5: 089dc369616dafa44a9f7fefb18e8961 SHA1: c4a2430634b7ca7427d2c055dbbb1fb8cd42a285 SHA256: 4ebafa2738f11d73d06dddf18ce41cf 02c6913f431f2b383f7abaa0d04419f2f Most of the time, links aren’t dangerous without user interaction. Recently, we discovered an innocent-looking link for a JPG picture that prompts a user to activate ActiveX on IE. Leveraging a social engineering technique, if the user activates
Read More
2017-06-05
VMRay Analyzer Identifies Resume Containing Evasive Malware

VMRay Analyzer Identifies Resume Containing Evasive Malware

Recently, we received a seemingly innocuous job application with an attached Word document called “resume.doc”. Let’s take a closer look at the malicious behavior embedded in this fake resume. Upon uploading the Word doc into VMRay Analyzer, the signature was sent to our built-in reputation service, where the file hash
Read More
2017-06-01
‘Close’ Doesn’t Count in Cyber Security

‘Close’ Doesn’t Count in Cyber Security

Even though enterprises spend millions every year on information security they still remain vulnerable to persistent cybercriminals in a world where cybercrime like ransomware is pervasive. Organizations cannot afford to do the “bare minimum” when it comes to threat analysis. As the saying goes, ” ‘close’ only counts in horseshoes
Read More
2017-05-17
Jaff Ransomware Hiding in a PDF document

Jaff Ransomware Hiding in a PDF document

The challenge for a malware author today has more to do with creativity than a deep technical understanding. There are plenty of good trojan building tools out there to make the job easier. But once the author has a finished creation, the big challenge is how to get the finished
Read More
Vmray threatfeed

Latest Malware Analysis Reports

Access
Get The Latest Update

Subscribe to our newsletter

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2013-2025 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Proudly Presenting: UniqueSignal
VMRays New Threat Intelligence feed -
Actionable Malware Intelligence, Without The Noise

60 Days Free Trial – Available for a limited time

Start Free Trial