Infosec Topics

Scroll to Content

Technical Analysis of the Malspam Pushing Kovter Payload & Nemucode Ransomware – Part II

by July 11, 2017 in code review and development, Malware Analysis, static analysis, Volatility 0 comments

Summary The analysis in part II is the ongoing analysis from part I blog post. If you haven’t had a chance the read through part I, I would highly encourage you to do so before going through part II. Going through part I first will give you the information that you need to […]

Technical Analysis of the Malspam Pushing Kovter Payload & Nemucode Ransomware – Part I

by July 8, 2017 in code review and development, Malware Analysis, static analysis, Volatility 0 comments

Summary On July 3, 2017, Myonlinesecurity (Twitter @dvk01uk) reported a new spam campaign targeting organizations around the world with a new Nemucod ransomware and a Kovter payload. The victims that were targeted in this campaign received a phishing email from “UPS Parcel” service. The email also included a ZIP file attachment and the […]

Discovering Process Hollowing Injection in Memory – DarkComet Use Case

by July 5, 2017 in Hunting in Memory, Malware Analysis, Volatility 0 comments

Summary DarkComet Remote Administration/Access Tool (RAT) is an application that provides remote access and administration to remote systems. Typically, the creators of this RAT can determine its capabilities during the creation process. However, some of the common DarkComet capabilities include (and are not limited to) keylogging of system and keyboard […]