Reversing malware in a custom format: Hidden Bee elements

Reversing malware in a custom format: Hidden Bee elements

When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-step analysis for a closer look. Categories: Malware Threat analysis Tags: custom malwarehidden beehidden bee ... Read More
enSilo Webinar Recording Process Doppelganging December2017

Process Doppelgänging meets Process Hollowing in Osiris dropper

Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan. Categories: Malware ... Read More
Malwarebytes CrackMe 2: contest summary

Malwarebytes CrackMe 2: contest summary

About three weeks ago, we published our second CrackMe, which has triggered a lot of interest, and many high-quality write-up submissions. In this post, we summarize the contest and comment on the submissions. Whose write-up won? Read on to find out. Categories: Malwarebytes news Tags: crackmeCrackMe contestCrackMe winnersMalwarebytes CrackMe (Read ... Read More
Malwarebytes CrackMe 2: try another challenge

Malwarebytes CrackMe 2: try another challenge

Last November, we launched the first Malwarebytes CrackMe. Encouraged by an overwhelmingly positive response, we decided to repeat the game—this time making it even harder and more fun. Categories: Security world Technology Tags: crackmeCrackMe contestMalwarebytes CrackMe (Read more...) The post Malwarebytes CrackMe 2: try another challenge appeared first on Malwarebytes ... Read More
PBot: a Python-based adware

PBot: a Python-based adware

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware. Categories: Malware Threat analysis Tags: adwarePBotpbot adwarepythonpython-based adware (Read more...) The post ... Read More
Blast from the past: stowaway Virut delivered with Chinese DDoS bot

Blast from the past: stowaway Virut delivered with Chinese DDoS bot

A recent Chinese drive-by attack dropped Virut, an ancient virus that's been out of commission since 2013. So what was it doing in this modern attack? Categories: Malware Threat analysis Tags: avzhanAvzhan DDoS botChinese drive-by attackDDoS botvirusvirut (Read more...) The post Blast from the past: stowaway Virut delivered with Chinese ... Read More
Avzhan DDoS bot dropped by Chinese drive-by attack

Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot is back in the wild again, this time being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Categories: Malware Threat analysis Tags: avzhanBotbotnetddosdrive-by attackexploit ... Read More
A coin miner with a “Heaven’s Gate”

A coin miner with a “Heaven’s Gate”

The Heaven's Gate technique has been around since 2009. But now coin miners are using it to maximize their performance in the target architecture. Categories: Malware Threat analysis Tags: coin minersHeaven's Gatemalware analysis (Read more...) The post A coin miner with a “Heaven’s Gate” appeared first on Malwarebytes Labs ... Read More