Eli Salem
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Threat Background
Jan 16, 2023

Eli Salem
The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection
In late March 2022, a new malware dubbed “Bumblebee” was discovered, and reported to be distributed in phishing campaigns containing ISO…
Apr 27, 2022

Eli Salem
Highway to Conti: Analysis of Bazarloader
As we look back to summarize the year 2021 we observe that the biggest threat in the cybersecurity landscape is still ransomware. A large…
Feb 16, 2022

Eli Salem
The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle”
Since early-mid of September 2021, a new malware loader dubbed “Squirrelwaffle” has been discovered and observed delivering the attack…
Sep 21, 2021

Eli Salem
Dissecting and automating Hancitor’s config extraction
The Hancitor malware, first observed in 2015, is a downloader known to deliver several other malware. In its first years, Hancitor was…
Jun 21, 2021

Eli Salem
Dancing With Shellcodes: Cracking the latest version of Guloader
Guloader is a downloader that has been active since 2019. It is known to deliver various malware, more notably: Agent-Tesla, Netwire…
Apr 19, 2021

Eli Salem
Funtastic Packers And Where To Find Them
In malware, we often see threat actors that tend to obfuscate or encrypt their code in order to slow down the analysis of security…
Jan 18, 2021