So I’ve been busy for a while and couldn’t write much, many apologies. For this article I’ll be writing about a new injection method known as Process Doppelganging and creating an automated unpacker for it. Process Doppelganging is a newly discovered injection method that bypasses all AVs’ HIPS engines. As it has only been discovered […]


As promised, prime crypt, a new crypting service available on HackForums.Net, was looked at by the Krabs Investigation Team. A sample of it was provided to us by a fellow malwarehuntermen (not to be confused with the Twitter user malwarehunterteam), and we shall put it under the critical lens of Bikini Bottom’s finest patties. Sample […]


Hello, today I would like to discuss a new malware known to the public as “Bayside RAT”. Bayside RAT is attributed to “BildungIstSuper”, a German malware developer who started a malware group known as “BotSquad”. BildungIstSuper is known for releasing malware that either (1) doesn’t function or (2) is backdoored and doesn’t function. Some of […]


fudPE is not your ordinary malware packer. Unlike the malware we normally analyze on this blog, fudPE did not originate from the private criminal youtube-exploit-kit-distributing malwarehole dubbed “HackForums”. fudPE only appeared on HF after having established a presence on other underground forums such as exploit.in. Today we will analyze a payload packed with fudPE that’s […]


Today we will take a look at Anon Hacks, a new threat that only arrived in early 2017. The threat can be found at hxxps://www.youtube.com/channel/UCTgfS2E9Pll8HZjIEmvEyPw. We will look at one of the APTs distributed by this threat actor today, Anon Booter.exe. Sample information: MD5: 6e202a803b6f139206d1afbc70962f5e SHA1: 2a7fb32ad232e37c4eb267971193d5616c304bd8 File Type: x86 .NET Assembly VirusTotal: https://www.virustotal.com/en/file/f7ad57f7b4339be5d153be997a77d98c8217c47aa9112ad0892104764f462b77/analysis/1499839535/ After a scan with […]
