Malware Analysis

Distribution of JAR appended to signed MSI

Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI – CVE-2020-1464

This article discusses an interesting tactic actively used by different Java RAT malware authors, such as those behind Ratty & Adwind, to distribute malicious JAR files appended to signed MSI files. This technique was discovered by the VT Team in Aug 2018[9], but at that time it was not used by malware authors to distribute malicious…

Excel 4.0 Macro, hta, VBScript & PowerShell Analysis Ataware Ransomware – Part 0x1

This will be a multi-part blog series analysing the complete infection chain from Excel to Ataware Ransomware. In this post we will discuss analysis steps for hta, VBScript & PowerShell code to extract the final payload URL. Let’s start with xls. I was browsing Twitter for an interesting sample,…