Tracking 15 Years of Qakbot Development

Introduction: Qakbot (aka QBot or Pinkslipbot) is a malware trojan that has been used to operate one of the oldest and longest running cybercriminal enterprises. Qakbot has evolved from a banking trojan to a malware implant that can be used for lateral movement and the eventual deployment of ransomware. In ...

Mystic Stealer Revisited

Introduction: Mystic Stealer is a relatively new downloader and information stealer that emerged in early 2023. The malware harvests data from a large number of web browsers and cryptocurrency wallet applications. Mystic can also be used to steal Steam game credentials and arbitrary files from an infected system. Mystic stands ...

Technical Analysis of Xloader’s Code Obfuscation in Version 4.3

Key Points: Xloader is a popular information stealing malware family that is the successor to Formbook. In early 2020, Formbook was rebranded as Xloader and the threat actors moved to a malware-as-a-service (MaaS) business model, renting C2 infrastructure to customers. Xloader implements different obfuscation methods and several encryption layers to ...

Analysis of BlackByte Ransomware’s Go-Based Variants

Key Points: BlackByte is a full-featured ransomware family that first emerged around July 2021. The ransomware was originally written in C# and later redeveloped in the Go programming language around September 2021. The threat group exfiltrates data prior to deploying ransomware and leaks the stolen information if a ransom is ...

Analysis of Xloader’s C2 Network Encryption

Introduction: Xloader is an information stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016. In October 2020, Formbook was rebranded as Xloader and some significant improvements were introduced, especially related to the command and control (C2) network encryption. With the arrival ...