So I’ve been busy for a while and couldn’t write much, many apologies. For this article I’ll be writing about a new injection method known as Process Doppelganging and create an automated unpacker for it. Process Doppelganging is a newly discovered injection method that bypasses all AVs HIPs engine. As it has only been discovered […]

Read more

As promised, prime crypt, a new crypting service available on HackForums.Net, was looked at by the Krabs Investigation Team. A sample of it was provided to us by a fellow malwarehuntermen (not to be confused with the twitter user malwarehunterteam), and we shall put it under the critical lense of Bikini Bottom’s finest patties. Sample […]

Read more

Hello, today I would like to discuss a new AutistWare variant known to the public as “Bayside RAT”. Bayside RAT is attributed to BuldingIstStoopid, a threat actor from the  malware krew “BotSquid”, who’s been cyber bullied multiple times by Mr. Krabs/Codefuser. BuldingIstStoopid is known for releasing crapwares that either (1) doesn’t function or (2) doesn’t […]

Read more

fudPE is not your ordinary malware packer. Unlike the malware we normally analyze on this blog, fudPE did not originate from the private criminal youtube-exploit-kit-distributing malwarehole dubbed “HackForums”. fudPE only appeared on HF after having established a presence on other underground forums such as exploit.in. Today we will analyze a payload crypted by fudPE, which […]

Read more