OneNote Embedded file abuse
NVISO Labs » Malware
by Nicholas Dhaeyer
1y ago
In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. In this post we will analyze this new way of malware delivery and create a detection rule for it ..read more
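Added example, not the detection rule from the NVISO post: a small carver for the FileDataStoreObject structure that OneNote uses to store embedded files, followed by a verdict that flags executables and scripts among them. The three GUID markers are taken from Microsoft's MS-ONESTORE specification (the .one file signature, the embedded-file header and its footer); the header layout assumed here is guidHeader, a 64-bit little-endian cbLength, 4 unused bytes and 8 reserved bytes, then the file data. The sample `.one` blob is constructed in the block and only contains the markers the carver relies on; the magic-byte table and script keywords are this example's own heuristics, not the post's.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

# Markers from MS-ONESTORE, written little-endian as they appear on disk.
GUID_ONE_FILE = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")           # {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}
GUID_FILE_DATA_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")   # {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
GUID_FILE_DATA_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")   # {71FBA722-0F79-4A0B-BB13-899256426B24}
HEADER_LEN = 16 + 8 + 4 + 8  # guidHeader, cbLength (uint64 LE), unused, reserved


@dataclass
class EmbeddedFile:
    offset: int       # where the FileDataStoreObject header starts in the blob
    length: int       # cbLength as declared in the header
    data: bytes       # the embedded file itself
    footer_ok: bool   # guidFooter found directly after the data


def is_onenote(blob: bytes) -> bool:
    """A .one file starts with the guidFileType marker."""
    return blob.startswith(GUID_ONE_FILE)


def carve_embedded_files(blob: bytes) -> list[EmbeddedFile]:
    """Return every FileDataStoreObject whose declared length fits inside the blob.
    Scanning for the header GUID avoids parsing the whole object tree, which is
    also why it still works on damaged files. Oversized lengths are skipped."""
    found: list[EmbeddedFile] = []
    pos = blob.find(GUID_FILE_DATA_HEADER)
    while pos != -1:
        if pos + HEADER_LEN <= len(blob):
            (cb_length,) = struct.unpack_from("<Q", blob, pos + 16)
            start, end = pos + HEADER_LEN, pos + HEADER_LEN + cb_length
            if end <= len(blob):  # never trust cbLength beyond the end of the file
                footer_ok = blob[end:end + 16] == GUID_FILE_DATA_FOOTER
                found.append(EmbeddedFile(pos, cb_length, blob[start:end], footer_ok))
        pos = blob.find(GUID_FILE_DATA_HEADER, pos + 16)
    return found


# Heuristics for this example: file types an attacker would embed behind a "click me" image.
MAGICS = {
    b"MZ": "pe",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
    b"PK\x03\x04": "zip",
}
SCRIPT_MARKERS = (b"<script", b"wscript", b"cscript", b"powershell", b"createobject(")


def classify(data: bytes) -> str:
    """Rough type of an embedded file: 'pe', 'ole2', 'zip', 'script' or 'other'."""
    for magic, kind in MAGICS.items():
        if data.startswith(magic):
            return kind
    head = data[:4096].lower()
    if any(marker in head for marker in SCRIPT_MARKERS):
        return "script"
    return "other"


def detect(blob: bytes) -> list[tuple[int, str]]:
    """Detection logic: every embedded file that is not plain content is reported
    as (offset, kind). An empty list means nothing suspicious was carved."""
    return [(f.offset, classify(f.data)) for f in carve_embedded_files(blob)
            if classify(f.data) != "other"]


def build_sample_one(embedded: list[bytes]) -> bytes:
    """Constructed fixture: not a real .one file, just the signature plus one
    FileDataStoreObject per payload, which is all the carver looks at."""
    blob = bytearray(GUID_ONE_FILE) + b"\x00" * 48
    for data in embedded:
        blob += GUID_FILE_DATA_HEADER + struct.pack("<Q", len(data)) + b"\x00" * 12
        blob += data + GUID_FILE_DATA_FOOTER + b"\x00" * 16
    return bytes(blob)


# Constructed payloads: a VBScript-in-HTA style dropper and a harmless PNG stub.
SAMPLE_HTA = (b'<html><script language="VBScript">'
              b'CreateObject("WScript.Shell").Run "calc.exe"</script></html>')
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32

if __name__ == "__main__":
    sample = build_sample_one([SAMPLE_HTA, SAMPLE_PNG])
    for offset, kind in detect(sample):
        print(f"suspicious embedded file at offset {offset}: {kind}")
```

The carver deliberately does not trust `cbLength`: a header whose declared length runs past the end of the file is skipped rather than raising or reading garbage, which matters when the same logic runs unattended on mail-gateway samples.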
Analysis of a trojanized jQuery script: GootLoader unleashed
NVISO Labs » Malware
by Sasja Reynaert
1y ago
In this blog post, we will perform a deep analysis of GootLoader, malware known to deliver several types of payloads, such as the Kronos trojan, REvil, IcedID and GootKit, and in this case Cobalt Strike. In our analysis we'll be using the initial malware sample itself together with some malware artifacts from the system ..read more
Analyzing VSTO Office Files
NVISO Labs » Malware
by Didier Stevens
1y ago
VSTO Office files are Office documents linked to a Visual Studio Tools for Office (VSTO) application. When opened, they launch a custom .NET application. There are various ways to achieve this, including methods to serve the VSTO files via an external web server. An article was recently published on the creation of these document files for ..read more
Hunting Emotet campaigns with Kusto
NVISO Labs » Malware
by Bart Parys
1y ago
Introduction. Emotet doesn't need an introduction anymore - it is one of the more prolific cybercriminal gangs and has been around for many years. In January 2021, a disruption effort took place via Europol and other law enforcement authorities to take Emotet down for good. [1] Indeed, there was a significant decrease in Emotet malicious ..read more
Kernel Karnage – Part 7 (Out of the Lab and Back to Reality)
NVISO Labs » Malware
by Jonas Bauters
1y ago
This week I emerge from the lab and put on a different hat. 1. Switching hats. With Interceptor being successful in blinding $vendor2 sufficiently to run a meterpreter reverse shell, it is time to put on the red team hat and get out of the perfect lab environment. To do just that, I had to ..read more
Kernel Karnage – Part 6 (Last Call)
NVISO Labs » Malware
by Jonas Bauters
1y ago
With the release of this blog post, we're past the halfway point of my internship; time flies when you're having fun. 1. Introduction - Status Report. In the course of these 6 weeks, I've covered several aspects of kernel drivers and EDR/AV kernel mechanisms. I started off strong by examining kernel callbacks and why EDR/AV products ..read more
New mobile malware family now also targets Belgian financial apps
NVISO Labs » Malware
by Jeroen Beckers
1y ago
While banking trojans have been around for a very long time now, we have never seen a mobile malware family attack the applications of Belgian financial institutions. Until today... Earlier this week, the Italy-based Cleafy published an article about a new Android malware family which they dubbed TeaBot. The sample we will take a look ..read more
How to analyze mobile malware: a Cabassous/FluBot Case study
NVISO Labs » Malware
by Jeroen Beckers
1y ago
This blog post explains all the steps I took while analyzing the Cabassous/FluBot malware. I wrote this while analyzing the sample and I've written down both successful and failed attempts at moving forward, as well as my thoughts/options along the way. As a result, this blog post is not a writeup of the Cabassous/FluBot malware, but rather ..read more
Epic Manchego – atypical maldoc delivery brings flurry of infostealers
NVISO Labs » Malware
by NVISO
1y ago
In July 2020, NVISO detected a set of malicious Excel documents, also known as “maldocs”, that deliver malware through VBA-activated spreadsheets. While the malicious VBA code and the dropped payloads were something we had seen before, it was the specific way in which the Excel documents themselves were created that caught our attention. The creators ..read more
Evidence of VBA Purging Found in Malicious Documents
NVISO Labs » Malware
by Didier Stevens
1y ago
TL;DR: We have found malicious Office documents containing VBA source code only, and no compiled code. Documents like these are more likely to evade anti-virus detection due to a technique we dubbed "VBA Purging". VBA Purging technique: Malicious MS Office documents leveraging VBA have their VBA code stored inside streams of Compound File Binary Format files ..read more
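Added example, not code from the NVISO post: the VBA source that lives in those module streams is stored as an MS-OVBA CompressedContainer, so the first thing an analyst needs is a decompressor for it. The block below implements that algorithm (raw chunks, literal tokens and copy tokens with the position-dependent offset/length split), then applies a simple purging heuristic: in a purged module the compiled PerformanceCache preceding the source is gone, so the compressed container sits at offset 0 of the module stream. The module offset normally comes from the `dir` stream of the VBA project; this example takes it as a parameter instead of parsing `dir`. The literal-only compressor and the two module streams are constructed here as test fixtures, and the "offset 0 means purged" rule is this example's assumption.

```python
from __future__ import annotations
import struct

# Assumption for this example: a module stream whose compressed source starts at
# offset 0 has no PerformanceCache (p-code) in front of it, i.e. it was purged.


def decompress_container(data: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (section 2.4.1 of the spec).
    Each chunk carries a 2-byte header: bits 0-11 = chunk size - 3 (header
    included), bit 15 = compressed flag. Compressed chunks are a sequence of
    flag bytes, each followed by up to eight literal (0) or copy (1) tokens."""
    if not data or data[0] != 0x01:
        raise ValueError("not a CompressedContainer: signature byte 0x01 missing")
    out = bytearray()
    pos = 1
    while pos + 2 <= len(data):
        header = struct.unpack_from("<H", data, pos)[0]
        chunk_end = min(pos + (header & 0x0FFF) + 3, len(data))
        is_compressed = bool(header & 0x8000)
        pos += 2
        chunk_base = len(out)                       # DecompressedChunkStart
        if not is_compressed:
            out += data[pos:chunk_end]              # raw chunk: bytes copied verbatim
            pos = chunk_end
            continue
        while pos < chunk_end:
            flags = data[pos]
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not flags & (1 << bit):
                    out.append(data[pos])           # literal token: one byte
                    pos += 1
                    continue
                if pos + 2 > chunk_end:
                    raise ValueError("truncated copy token")
                token = struct.unpack_from("<H", data, pos)[0]
                pos += 2
                diff = len(out) - chunk_base        # decompressed bytes so far in this chunk
                if diff == 0:
                    raise ValueError("copy token with nothing to copy from")
                bit_count = max((diff - 1).bit_length(), 4)   # ceil(log2(diff)), at least 4
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                src = len(out) - offset
                if src < chunk_base:
                    raise ValueError("copy token reaches before chunk start")
                for _ in range(length):             # byte by byte so overlapping copies work
                    out.append(out[src])
                    src += 1
        pos = chunk_end
    return bytes(out)


def compress_literal_only(source: bytes) -> bytes:
    """Build a valid CompressedContainer that uses only literal tokens. Larger
    than the input, but enough to create fixtures without a real Office file."""
    out = bytearray(b"\x01")
    for i in range(0, len(source), 3000):           # 3000 literals = 3375 body bytes < 4096
        block = source[i:i + 3000]
        body = bytearray()
        for j in range(0, len(block), 8):
            body.append(0x00)                       # flag byte: all eight tokens literal
            body += block[j:j + 8]
        out += struct.pack("<H", 0x8000 | 0x3000 | (len(body) + 2 - 3)) + body
    return bytes(out)


def analyze_module(module_stream: bytes, module_offset: int) -> dict:
    """Split a module stream into PerformanceCache and decompressed source and
    apply the purging heuristic described above."""
    performance_cache = module_stream[:module_offset]
    source = decompress_container(module_stream[module_offset:])
    return {
        "performance_cache_bytes": len(performance_cache),
        "purged": len(performance_cache) == 0,
        "source": source.decode("latin-1"),
    }


# Constructed fixtures: a purged module (source at offset 0) and an intact-looking
# one with 80 bytes of fake p-code before the same compressed source.
SAMPLE_SOURCE = (b'Attribute VB_Name = "ThisDocument"\r\n'
                 b"Sub AutoOpen()\r\n"
                 b'    Shell "cmd /c whoami"\r\n'
                 b"End Sub\r\n")
PURGED_STREAM = compress_literal_only(SAMPLE_SOURCE)
INTACT_STREAM = b"\xca\xfe" * 40 + PURGED_STREAM

if __name__ == "__main__":
    for name, stream, offset in (("purged", PURGED_STREAM, 0), ("intact", INTACT_STREAM, 80)):
        result = analyze_module(stream, offset)
        print(name, "purged" if result["purged"] else "has p-code", result["source"].splitlines()[0])
```

The copy-token arithmetic is the part that most hand-written decompressors get wrong: the number of bits used for the offset grows with the distance from the start of the current chunk, so a token must be decoded against the output position at the moment it is read, not against a fixed split.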