manowar_admin

KAPE Collection: Forensic artifacts from a Qakbot infection (via Qaknote)

Leave a Comment / Forensic Analysis /

KAPE: Kroll Artifact Parser and Extractor KAPE is a open source Windows-based triage program that will find and collect important forensically relevant Windows OS artifacts (System logs, Registry entries, etc.). KAPE can be ran on a live Windows operating or a mounted Windows image (i.e. dead-box forensics). KAPE utilizes Targets and Modules to collect and […]

KAPE Collection: Forensic artifacts from a Qakbot infection (via Qaknote) Read More »

ASyncRAT delivered through malspam via OneNote attachment (Stage 2)

Leave a Comment / Malware Analysis /

Continuing our previous AsyncRAT discussion, this is Part 2 of this blog post, where I will review stage 2, which will cover the analysis of the ASyncRAT payload (payload.exe) and we will dive into some of its functionalities. Figure 1: File property details of payload.exe shown in CFF Explorer. Unpacking ASyncRAT Since this is a

ASyncRAT delivered through malspam via OneNote attachment (Stage 2) Read More »

ASyncRAT delivered through malspam via OneNote attachment (Stage 1)

Leave a Comment / Malware Analysis /

AsyncRat: A Remote Access Trojan (RAT) AsyncRat is an open source Remote Access Trojan (RAT) that was originally released on Github. It has since been weaponized by threat actors and actively used in cyber attacks since 2019. This malware is designed to compromise the security of a target system and allow remote attackers to gain

ASyncRAT delivered through malspam via OneNote attachment (Stage 1) Read More »

Emotet delivered through malspam via Word document attachment

Leave a Comment / Malware Analysis /

Emotet: A Banking Trojan Emotet is a type of sophisticated and highly destructive malware that was first identified around 2014. It started as a banking trojan, primarily designed to steal sensitive financial information. However, over time, Emotet evolved into a more versatile threat, incorporating additional functionalities and capabilities. In this blog post, we will analyze

Emotet delivered through malspam via Word document attachment Read More »