Eli Salem

144 Followers

Jan 16

Dancing With Shellcodes: Analyzing Rhadamanthys Stealer

Threat Background Rhadamanthys is a newly emerged information stealer written in C++. According to multiple reports[1], the malware has been active since late 2022. In addition, the malware appears to masquerade as legitimate software such as AnyDesk installers[2] and Google Ads[3][13] to gain its initial foothold. As for usage, in…

20 min read

Apr 27, 2022

The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection

In late March 2022, a new malware dubbed “Bumblebee” was discovered and reported to be distributed in phishing campaigns containing ISO files, which eventually drop DLL files that contain the Bumblebee malware itself [1][3]. This deployment technique is not new, and several other malware families have already been observed using it, most…

17 min read

Feb 16, 2022

Highway to Conti: Analysis of Bazarloader

As we look back to summarize the year 2021, we observe that the biggest threat in the cybersecurity landscape is still ransomware. A large number of ransomware incidents have occurred around the world, extorting hundreds of millions overall from victims across the globe. …

15 min read

Sep 21, 2021

The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle”

Since early to mid September 2021, a new malware loader dubbed “Squirrelwaffle” has been discovered and observed delivering the Cobalt Strike attack framework. In the recent cybercrime landscape, several prolific malware families have either disappeared or become less frequently observed. This newly created gap gives opportunities for the birth of new malware such as…

13 min read

Jun 21, 2021

Dissecting and automating Hancitor’s config extraction

The Hancitor malware, first observed in 2015, is a downloader known to deliver several other malware families. In its first years, Hancitor was observed delivering information stealers such as Pony or Vawtrak, and in recent years, Ficker stealer and NetSupport RAT. In 2021, Hancitor was observed delivering the Cobalt Strike attack framework…

14 min read

Apr 19, 2021

Dancing With Shellcodes: Cracking the latest version of Guloader

Guloader is a downloader that has been active since 2019. It is known to deliver various malware, most notably Agent Tesla, Netwire, FormBook, Nanocore, and Parallax RAT. The malware architecture consists of a VB wrapper and a shellcode that performs all of Guloader’s malicious activity. Although many malware families use crypters…

Shellcode

14 min read

Jan 18, 2021

Funtastic Packers And Where To Find Them

In malware, we often see threat actors obfuscate or encrypt their code in order to slow down analysis by security researchers. To do so, many authors use open-source packers, but some also craft their own custom packers. While custom packers are definitely not a new…

Malware

11 min read

Malware Researcher & Threat Hunter