fumko

  • Overview of Proton Bot, another loader in the wild!

    Loaders nowadays are part of the malware landscape, and it is common to see sandbox log results tagged with “loader”. Specialized loader malware like Smoke or Hancitor/Chanitor is facing more and more competition from new alternatives like Godzilla loader, stealers, miners and plenty of other kinds of malware that offer this feature as an option.…

  • Let’s nuke Megumin Trojan

    When you are a big fan of the Konosuba franchise, you are a bit curious when you spot a malware called “Megumin Trojan” (written in C++) on some selling forums and in some results of sandbox submissions. Before some speculation about when this malware appeared, this one is not recent and there are some…

  • Let’s play with Qulab, an exotic malware developed in AutoIT

    After some issues that kept me far away from my research, it’s time to put my hands again on some sympathetic stuff. This one is technically and finally my real first post of the year (the anti-VM one was a particular case). So today, we will dig into Qulab Stealer + Clipper, another password stealer that…

  • CPU Power Usage – Sandbox Evasive Technique

    Hi Folks, I’m not usually into this kind of paper, but this time I am exceptionally writing a really short one about something related to a VM-evasive PoC. There are always some tricks to detect whether you are running on a virtual machine or not. Most of them are stupid, but it’s accurate enough…

  • Let’s dig into Vidar – An Arkei Copycat/Forked Stealer (In-depth analysis)

    Sometimes when you are reading tons and tons of malware analysis logs, you are not expecting that some little changes could in fact be impactful. I paid the price when I was analyzing a supposed Arkei malware. My Yara rule at that time was supposed to trigger on this malware, but after some reversing, I…