Malware analysis

A technical analysis of the BackMyData ransomware used to attack hospitals in Romania

Summary: According to BleepingComputer, a ransomware attack that occurred starting on February 11 forced 100 hospitals across Romania to take their systems offline. BackMyData ransomware, which took credit for it, belongs to the Phobos family. The malware embedded an AES key that is used to decrypt its configuration containing whitelisted extensions, files, and directories, a


A Deep Dive into Brute Ratel C4 payloads – Part 2

Summary: Brute Ratel C4 is a Red Team & Adversary Simulation software that can be considered an alternative to Cobalt Strike. In this blog post, we’re presenting a technical analysis of a Brute Ratel badger/agent that doesn’t implement all the recent features of the framework. There aren’t a lot of Brute Ratel samples available in


A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation

Summary: SALTWATER is a backdoor that has been used in the exploitation of the Barracuda 0-day vulnerability CVE-2023-2868. It is a module for the Barracuda SMTP daemon called bsmtpd. The malware hooked the recv, send, and close functions using an open-source hooking library called funchook. The following functionalities are implemented: execute arbitrary commands, download and


A technical analysis of Pegasus for Android – Part 3

Summary: Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we’ve found out that vendors wrongly attributed


A technical analysis of Pegasus for Android – Part 2

Summary: Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we’ve found out


A technical analysis of the leaked LockBit 3.0 builder

Summary: This is our analysis of the LockBit 3.0 builder that was leaked online on September 21, 2022. The executable called “keygen.exe” can be used to generate the RSA public and private keys that are embedded in the encryptor and decryptor, respectively. The builder embedded 4 resources used to create executables or DLL files according


A technical analysis of Pegasus for Android – Part 1

Summary: Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we’ve found out
