Reversing malware in a custom format: Hidden Bee elements

When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-step analysis for a closer look. Categories: Malware, Threat analysis. Tags: custom malware, hidden bee, hidden bee ...
Process Doppelgänging meets Process Hollowing in Osiris dropper

Process doppelganging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan. Categories: Malware ...
Malwarebytes CrackMe 2: contest summary

About three weeks ago, we published our second CrackMe, which has triggered a lot of interest, and many high-quality write-up submissions. In this post, we summarize the contest and comment on the submissions. Whose write-up won? Read on to find out. Categories: Malwarebytes news. Tags: crackme, CrackMe contest, CrackMe winners, Malwarebytes CrackMe ...
Malwarebytes CrackMe 2: try another challenge

Last November, we launched the first Malwarebytes CrackMe. Encouraged by an overwhelmingly positive response, we decided to repeat the game—this time making it even harder and more fun. Categories: Security world, Technology. Tags: crackme, CrackMe contest, Malwarebytes CrackMe ...
PBot: a Python-based adware

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware. Categories: Malware, Threat analysis. Tags: adware, PBot, pbot adware, python, python-based adware ...
Blast from the past: stowaway Virut delivered with Chinese DDoS bot

A recent Chinese drive-by attack dropped Virut, an ancient virus that's been out of commission since 2013. So what was it doing in this modern attack? Categories: Malware, Threat analysis. Tags: avzhan, Avzhan DDoS bot, Chinese drive-by attack, DDoS bot, virus, virut ...
Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot is back in the wild again, this time being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Categories: Malware, Threat analysis. Tags: avzhan, Bot, botnet, ddos, drive-by attack, exploit ...