Introduction In April of 2022 we’ve observed new Emotet samples which implemented considerable changes to the way they store and decode their configuration. For Emotet, the relevant information stored in a config file is the IP address and a port number. Each of them is stored in the form of
Introduction In this Spotlight, we take another look at GuLoader. The malware family is active since at least 2020. It gained some attention because of its evasion techniques and abusing legitimate and popular cloud services to host its malicious payloads. The downloader is commonly used to deliver other malware families
Introduction VMRay Analyzer version 4.5 adds the capability to extract malware configurations. In this blog post we take a deep dive into malware configurations: what are they, how can they be used, and how VMRay Analyzer extracts and presents them. How Do I Use an Extracted Malware Configuration? The configuration
Introduction Artificial intelligence, and more precisely machine learning (ML), has become an almost omnipresent topic in the tech industry over the last decade. ML is applied to all kinds of problems, from image and speech recognition, online fraud detection, up to stock market predictions. It seems just natural to also
Emotet’s Use of Cryptography Presented by the VMRay Labs Team The group behind Emotet is the prime example of a very successful criminal enterprise. Emotet started out as a banking malware but over time evolved into a large botnet providing something akin to a malicious IaaS (Infrastructure-as-a-Service). It started providing
Basic Automation with the VMRay API By Koen Van Impe Learn more about integrating VMRay Analyzer in different areas of your organizations and how to use its API to automate the submission and processing of the analysis of malware. According to a report from Honeywell the use of USB removable
Phishing Kit Kuzuluy Impersonating Paypal In this Malware Analysis Spotlight, we will take a look at a phishing kit related to Kuzuluy, also known as KuzuluyArt. According to Twitter user MaelSecurity, there was a Phishing-as-a-Service associated with Kuzuluy impersonating PayPal in late 2019. At the time of our research, the
Agent Tesla is a spyware that has been around since 2014. It’s in active development, constantly being updated and improved with new features, obfuscation, and encryption methods. The malware is sold as a service with a relatively cheap licensing model, which makes it particularly easy to use and can explain
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!
