Formbook: A Infostealer Formbook is a type of malware that is primarily used for stealing sensitive information from infected computers, was first discovered in the wild back in 2016. It is commonly distributed via malspam, or malicious spam, which is a type of spam email that contains malware or links to malware-infected websites. In this […]
Stealthy Formbook leverages steganography Read More »
KAPE: Kroll Artifact Parser and Extractor KAPE is a open source Windows-based triage program that will find and collect important forensically relevant Windows OS artifacts (System logs, Registry entries, etc.). KAPE can be ran on a live Windows operating or a mounted Windows image (i.e. dead-box forensics). KAPE utilizes Targets and Modules to collect and
KAPE Collection: Forensic artifacts from a Qakbot infection (via Qaknote) Read More »
Continuing our previous AsyncRAT discussion, this is Part 2 of this blog post, where I will review stage 2, which will cover the analysis of the ASyncRAT payload (payload.exe) and we will dive into some of its functionalities. Figure 1: File property details of payload.exe shown in CFF Explorer. Unpacking ASyncRAT Since this is a
ASyncRAT delivered through malspam via OneNote attachment (Stage 2) Read More »
AsyncRat: A Remote Access Trojan (RAT) AsyncRat is an open source Remote Access Trojan (RAT) that was originally released on Github. It has since been weaponized by threat actors and actively used in cyber attacks since 2019. This malware is designed to compromise the security of a target system and allow remote attackers to gain
ASyncRAT delivered through malspam via OneNote attachment (Stage 1) Read More »
Emotet: A Banking Trojan Emotet is a type of sophisticated and highly destructive malware that was first identified around 2014. It started as a banking trojan, primarily designed to steal sensitive financial information. However, over time, Emotet evolved into a more versatile threat, incorporating additional functionalities and capabilities. In this blog post, we will analyze
Emotet delivered through malspam via Word document attachment Read More »
