MD5: a462c3b291b90b202c6d090881ba6134
File type: PE, Visual C++
https://app.any.run/tasks/0e429277-f2b6-4432-80ad-fed61a2bb33a/

Background information

Baldr is a relatively new stealer that became available on some forums in early 2019. It was previously analyzed by MalwareBytes (https://blog.malwarebytes.com/threat-analysis/2019/04/say-hello-baldr-new-stealer-market/). However, since MB’s analysis did not include deobfuscation, I will be including a deobfuscated version of the malware as well as an analysis of […]


So I’ve been busy for a while and couldn’t write much, many apologies. For this article I’ll be writing about a new injection method known as Process Doppelganging and creating an automated unpacker for it. Process Doppelganging is a newly discovered injection method that bypasses all AVs’ HIPS engines. As it has only been discovered […]


As promised, prime crypt, a new crypting service available on HackForums.Net, was looked at by the Krabs Investigation Team. A sample of it was provided to us by a fellow malwarehuntermen (not to be confused with the twitter user malwarehunterteam), and we shall put it under the critical lens of Bikini Bottom’s finest patties. Sample […]


Hello, today I would like to discuss a new malware known to the public as “Bayside RAT”. Bayside RAT is attributed to “BildungIstSuper”, a German malware developer who started a malware group known as “BotSquad”. BildungIstSuper is known for releasing malware that either (1) doesn’t function or (2) is backdoored and doesn’t function. Some of […]
