Zero2Auto: Custom Sample

INTRODUCTION These days I have been attending the online malware analysis training "Zero2Automated" (a really nice course if you want to dig deeper into this field). As an exercise to practice all the different techniques that we have studied over the past weeks, the analysis of a custom malware sample was proposed. Well, given …

Malware Analysis: Qakbot [Part 2]

INTRODUCTION Extending the Qakbot research (see Part 1), this new blog post will dig into the details of the string obfuscation, the RC4 encryption, the SHA-1 validation and the data compression algorithm implemented by threat actors in the second stage of this Trojan. 1. STRINGS OBFUSCATION The first thing you notice when you start analyzing the …