Analysing a Malware Sample on ANY.RUN

This guide provides step-by-step instructions for analysing a malware sample on ANY.RUN. By following these steps, users can navigate the platform, search for existing malware samples, view connections and network traffic, collect IOCs, and gather more information about the threat. Navigate to ANY.RUN: go to ANY.RUN. Public tasks: click “Public tasks” to view the public directory and submissions from the community. Filter by tag, hash, or IOCs: use the filter to narrow the results by tag, hash, or other IOCs....

February 21, 2025

Phobos Ransomware Impersonating Vx-Underground

Phobos ransomware has previously been observed impersonating the well-known malware research community Vx-Underground. Initial access methods for Phobos vary, but it is known to exploit software vulnerabilities, run phishing campaigns to deliver malicious payloads, and gain access through external services such as brute-forcing RDP. Despite its significant operational impact, with Phobos accounting for a notable 4% of all submissions to the ID Ransomware service in 2023, it has not achieved the notoriety of other Ransomware-as-a-Service (RaaS) operations such as LockBit or REvil....

January 6, 2025

Malware Analysis: AgentTesla and ZGRat

This post details my analysis of AgentTesla and ZGRat malware samples, examining their behaviour, capabilities, and the indicators of compromise they leave behind. Overview: the analysis revealed a sophisticated malware operation combining AgentTesla and ZGRat, with data exfiltration capabilities and persistence mechanisms. The malware authors implemented various techniques to evade detection while harvesting sensitive information from infected systems. Configuration analysis: extracting the malware configuration revealed SMTP credentials likely used for exfiltrating data:...

December 15, 2024

Virus.xcheck: A Tool for Finding Malware Samples

I’ve always found it interesting how the security community shares and analyses malware samples. There’s a great resource called Virus Exchange that serves as a repository for malware researchers and security professionals. However, quickly checking whether multiple file hashes exist in their database wasn’t as straightforward as I wanted it to be. What is Virus.xcheck? Virus.xcheck is a Python tool I created that quickly checks whether a file hash exists in the Virus Exchange database....

December 4, 2024
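The Virus.xcheck entry above describes the batch problem it solves: take a pile of hashes and find out which ones a sample repository already holds. The following is an added example written for this page, not Virus.xcheck’s own code and not the Virus Exchange API, which is not modelled here. It shows the part of such a tool that is worth getting right regardless of the backend: validating and classifying hash strings by length (MD5/SHA-1/SHA-256), deduplicating case-insensitively so each hash is queried once, and reporting what was rejected. The `lookup` callable, `KNOWN_SAMPLES` set and the input list are all constructed stand-ins for the remote database.

```python
"""Batch hash lookup in the spirit of Virus.xcheck (added example, not the tool's code).

The Virus Exchange API is not modelled: `lookup` is any callable answering
"is this hash known?", backed here by a constructed in-memory set.
"""
import hashlib
import re
from typing import Callable, Dict, Iterable, List, Tuple

# Hex digest length -> algorithm name; anything else is rejected.
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-f]+$")


def normalize_hash(value: str):
    """Return a lower-case hex digest, or None if not a valid md5/sha1/sha256."""
    h = value.strip().lower()
    if len(h) not in HASH_KINDS or not _HEX.match(h):
        return None
    return h


def parse_hash_list(text: str) -> Tuple[List[str], List[str]]:
    """Split a text blob into (unique valid hashes in input order, rejected tokens).

    Accepts hashes separated by newlines, whitespace, commas or semicolons,
    and ignores '#' comments. Duplicates differing only in case collapse.
    """
    valid: List[str] = []
    rejected: List[str] = []
    seen = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        for token in re.split(r"[\s,;]+", line):
            if not token:
                continue
            h = normalize_hash(token)
            if h is None:
                rejected.append(token)
            elif h not in seen:
                seen.add(h)
                valid.append(h)
    return valid, rejected


def digest_bytes(data: bytes, kind: str = "sha256") -> str:
    """Hex digest of in-memory data; used to build the constructed inputs."""
    return hashlib.new(kind, data).hexdigest()


def check_hashes(hashes: Iterable[str], lookup: Callable[[str], bool]) -> Dict[str, dict]:
    """Query each (already normalized) hash once; map hash -> {kind, found}."""
    return {h: {"kind": HASH_KINDS[len(h)], "found": bool(lookup(h))} for h in hashes}


# Constructed stand-in for the remote database: SHA-256 of two constructed byte strings.
KNOWN_SAMPLES = {
    digest_bytes(b"constructed sample A"),
    digest_bytes(b"constructed sample B"),
}


def local_lookup(h: str) -> bool:
    """Hypothetical lookup backend; a real tool would call the repository's API here."""
    return h in KNOWN_SAMPLES


# Constructed input: a known hash, the same hash in upper case, an unknown hash,
# an MD5 of a known sample (misses, because this backend is keyed by SHA-256), junk.
CONSTRUCTED_INPUT = f"""
# constructed hash list
{digest_bytes(b"constructed sample A")}
{digest_bytes(b"constructed sample A").upper()}   # duplicate, different case
{digest_bytes(b"not in the database")}
{digest_bytes(b"constructed sample B", "md5")}    # md5 of a known sample
not-a-hash
"""


def run_demo():
    hashes, rejected = parse_hash_list(CONSTRUCTED_INPUT)
    return check_hashes(hashes, local_lookup), rejected


if __name__ == "__main__":
    results, rejected = run_demo()
    for h, r in results.items():
        print(f"{r['kind']:6} {h}  {'FOUND' if r['found'] else 'not found'}")
    print("rejected:", rejected)
```

The MD5 line is the caveat worth keeping in mind when batch-checking: a repository keyed by one digest algorithm will report a sample as absent when you only hold its hash under another, so a “not found” for an MD5 or SHA-1 says nothing unless the backend indexes that algorithm too.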