INTRODUCTION These days I have been attending the online malware analysis training "Zero2Automated" (a really nice course if you want to dig deeper into this field). As an exercise to practice all the different techniques that we have studied over the past weeks, the analysis of a custom malware sample was proposed. Well, given … Continue reading Zero2Auto: Custom Sample
Malware Analysis: Qakbot [Part 2]
INTRODUCTION Extending the Qakbot research (see Part 1), this new blog post will dig into the details of the string obfuscation, the RC4 encryption, the SHA-1 validation and the data compression algorithm implemented by the threat actors in the second stage of this Trojan. 1. STRINGS OBFUSCATION The first thing you notice when you start analyzing the … Continue reading Malware Analysis: Qakbot [Part 2]
Malware Analysis: Qakbot [Part 1]
INTRODUCTION Qakbot, a.k.a. Pinkslipbot, Qbot or Quakbot [1], is a banking Trojan first seen spreading via network shares, removable drives and infected web pages in 2009; it is an old enemy that even today remains one of the most popular malware families used by threat actors [3]. Even though there are really nice online resources explaining the … Continue reading Malware Analysis: Qakbot [Part 1]
Malware Analysis: Quant Loader
Early this year, I received a suspicious email that was reported from Chile. This phishing email was impersonating a financial institution in that country (Banco Estado Chile). What really captured my attention wasn't the email itself, it was the file that was being distributed by that campaign, because it was not the usual JavaScript downloader … Continue reading Malware Analysis: Quant Loader