malware 28

• Exploring VenomRAT Metadata and Encryption with YARA - #100DaysOfYara Jan 2, 2025
• Decompiling a JPHP Loader with binwalk and cfr Jul 20, 2024
• Dissecting a Java Pikabot Dropper Mar 3, 2024
• Timelining a Malicious VHD for More Intelligence Aug 4, 2023
• Malware via VHD Files, an Excellent Choice Jul 23, 2023
• NetSupport Manager RAT from a Malicious Installer Feb 25, 2023
• BATLoader, Ursnif, and Redline, oh my! Jan 23, 2023
• .NET Downloader Leading to OriginLogger Jan 7, 2023
• Malware Weight Loss the Fast Way with Foremost Oct 22, 2022
• Bad Guys Hate This Trick for Malware Weight Loss! Oct 15, 2022
• Analyzing .NET Core Single File Samples (DUCKTAIL Case Study) Aug 7, 2022
• Analyzing a Pirrit adware installer May 13, 2022
• Shortcut to Emotet, an odd TTP change Apr 24, 2022
• Snip3 Crypter used with DCRat via VBScript Apr 16, 2022
• An AgentTesla Sample Using VBA Macros and Certutil Mar 26, 2022
• Formbook Distributed Via VBScript, PowerShell, and C# Code Mar 25, 2022
• Aggah PPAM macros renaming MSHTA Mar 4, 2022
• Analyzing a Stealer MSI using msitools Feb 12, 2022
• XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets Feb 11, 2022
• AgentTesla From RTF Exploitation to .NET Tradecraft Feb 6, 2022
• njRAT Installed from a MSI Feb 3, 2022
• STRRAT Attached to a MSI File Feb 2, 2022
• GuLoader Executing Shellcode Using Callback Functions Jan 27, 2022
• HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET Jan 23, 2022
• BazarISO Analysis - Loading with Advpack.dll Jan 22, 2022
• Extracting Payloads from Excel-DNA XLL Add-Ins Jan 18, 2022
• Emotet's Excel 4.0 Macros Dropping DLLs Jan 17, 2022
• Inspecting a PowerShell Cobalt Strike Beacon Jan 9, 2022