mrw01f@home:~$

  • WhisperGate Malware Analysis

    Stage 1: b621c0e744c03b45c0b32f244a6b8b4a84c449ffde4a62e52d8acfdf6fac264a Sample.doc: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: ABCD1980Ge@outlook[.]com, Template: Normal.dotm, Last Saved By: ABCD1980Ge@outlook[.]com, Revision Number: 21, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:33:00, Create Time/Date: Wed Jun 14 13:48:00 2023, Last Saved Time/Date:...

  • GuLoader Malware Analysis

    STAGE 1: 0e199bb09bb2df831e4f6601c655d65af17cbed66a79b57d58e9020dd480929d is a zip file of type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, or NSIS (Nullsoft Scriptable Install System) installer. We can see the contents of the installed files if we open this installer as a zip. In there we can find these files… DHL 007948860.xlsx.exe $PLUGINSDIR...

  • Generic Trojan Dropper

    STAGE 1: `064ee9cc4256a4e004d3c6e74e1a4cc2d686f82a7e22640aa718167b5af40a29 ./sample.html` This is an HTML file containing the JavaScript code that drops a zip file. In the body section we can see the payload, which is encrypted; its id is jzasjnpc and its class is bwkytcnl. This is the encrypted zip file; first it’s getting converted...