Tag: anti-analysis

21 Attack Reports | 0 Vulnerabilities

Attack reports

Understanding CyberEYE RAT Builder: Capabilities and Implications

CyberEye is a modular, .NET-based Remote Access Trojan that utilizes Telegram for Command and Control, eliminating the need for attackers to maintain their own infrastructure. It offers a wide array of surveillance and data theft capabilities, including keylogging, file grabbing, and clipboard hija…
rat
persistence
anti-analysis
credential theft
data exfiltration
telegram
2025-06-13
cybereye
windows defender evasion
telegramrat
Published: June 13, 2025
Downloadable IOCs: 0

Technical Analysis of TransferLoader

TransferLoader is a newly identified malware loader active since February 2025. It comprises multiple components including a downloader, backdoor, and specialized loader. The malware employs various anti-analysis techniques and code obfuscation to hinder reverse engineering. TransferLoader has been…
backdoor
obfuscation
ransomware
anti-analysis
c2
downloader
morpheus
2025-05-15
ipfs
transferloader
Published: May 15, 2025
Downloadable IOCs: 7

DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt

Unit 42 researchers have identified a series of attacks distributing DarkCloud Stealer, an information-stealing malware that has been active since 2022. The latest attack chain incorporates AutoIt to evade detection and uses a file-sharing server to host the malware. The infection process begins wi…
obfuscation
phishing
infostealer
anti-analysis
credential theft
autoit
information stealing
2025-05-14
multi-stage payload
darkcloud stealer
Published: May 14, 2025
Linked vulnerabilities : CVE-2025-31324 (CVSS 10.0)
Downloadable IOCs: 4

Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer

Cybercriminals are exploiting the US tax season to deploy Stealerium malware, targeting citizens through sophisticated phishing campaigns. The attack utilizes deceptive email attachments with malicious LNK files, leading to the execution of PowerShell scripts and the download of a PyInstaller-packa…
powershell
anti-analysis
information stealing
process injection
2025-04-30
tax-season phishing
stealerium
Published: April 30, 2025
Downloadable IOCs: 0

How Lumma Stealer sneaks into organizations

Lumma Stealer, a sophisticated information-stealing malware, has gained prominence in cybercriminal circles since 2022. It employs various distribution methods, with fake CAPTCHA pages being a notable vector. These pages mimic legitimate services and trick users into executing malicious commands. T…
obfuscation
powershell
anti-analysis
lumma stealer
autoit
information stealer
cryptocurrency theft
fake captcha
2025-04-21
Published: April 21, 2025
Downloadable IOCs: 15

Beware! Fake 'NextGen mParivahan' Malware Returns

A new variant of the fake NextGen mParivahan malware has emerged, exhibiting enhanced stealth and data theft capabilities. The malware, disguised as a government traffic notification system, tricks users into downloading a malicious app that requests extensive permissions. This latest version targe…
android
anti-analysis
firebase
2025-04-09
malformed apk
sms theft
notification stealer
dropper-payload
c2 extraction
nextgen mparivahan
Published: April 9, 2025
Downloadable IOCs: 0

NEPTUNE RAT: An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications

Neptune RAT, a sophisticated Windows-based remote access trojan, has emerged with advanced capabilities including system destruction and password exfiltration from over 270 applications. It employs PowerShell commands for deployment, leveraging catbox.moe for hosting malicious scripts. The malware …
anti-analysis
remote access trojan
2025-04-09
neptune rat
Published: April 9, 2025
Downloadable IOCs: 24

Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques

Konni RAT, a sophisticated remote access Trojan targeting Windows systems, employs a multi-stage attack process using batch files, PowerShell scripts, and VBScript. It exploits Windows Explorer limitations, obfuscates file paths, dynamically generates URLs, and uses temporary files to erase activit…
windows
persistence
anti-analysis
data exfiltration
multi-stage attack
stealth techniques
remote access trojan
2025-04-01
konni rat
Published: April 1, 2025
Downloadable IOCs: 0

Recent Cases of Watering Hole Attacks, Part 1

This analysis focuses on a watering hole attack targeting a Japanese university research laboratory website in 2023. The attack used social engineering to trick users into downloading and executing malware disguised as an Adobe Flash Player update. The malware, identified as a modified Cobalt Strik…
social engineering
cobalt strike
cobalt strike beacon
anti-analysis
cloudflare workers
watering hole
japan
2024-12-20
tips.exe
malware injection
system32.dll
flashupdateinstall.exe
university
Published: December 20, 2024
Linked vulnerabilities : CVE-2022-1388
Downloadable IOCs: 10

Raspberry Robin Analysis

Raspberry Robin, a malicious downloader discovered in 2021, has been circulating for years, primarily spreading through infected USB devices. It stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods, and privilege escalation exploits. The malware uses mu…
obfuscation
privilege-escalation
anti-analysis
tor
2024-11-19
raspberry robin
usb-spreading
network-propagation
CVE-2024-26229
CVE-2021-31969
Published: November 19, 2024
Linked vulnerabilities : CVE-2021-31969, CVE-2024-26229
Downloadable IOCs: 126

Recent Keylogger Attributed to North Korean Group Andariel

A new keylogger, attributed to the North Korean group Andariel (APT45), has been linked to targeted attacks against U.S. organizations. The malware captures keystrokes and mouse activity, storing data in an encrypted archive. It employs anti-analysis techniques like code obfuscation through junk co…
persistence
anti-analysis
keylogger
apt45
2024-11-04
andariel keylogger
hook procedures
clipboard theft
Published: November 4, 2024
Downloadable IOCs: 1

CoreWarrior Spreader Malware Surge

This report delves into an analysis of CoreWarrior, a persistent trojan designed for rapid propagation. It creates multiple copies of itself, attempts connections to various IP addresses, opens backdoor access, and hooks Windows UI elements for monitoring purposes. The malware employs techniques li…
backdoor
evasion
anti-analysis
trojan
2024-10-15
propagation
corewarrior
Published: October 15, 2024
Downloadable IOCs: 3

VILSA STEALER

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…
cryptocurrency
data theft
exfiltration
persistence
anti-analysis
2024-10-07
vilsa stealer
browser credentials
Published: October 7, 2024
Downloadable IOCs: 3

Zharkbot Strings

Zharkbot is a C++ downloader with extensive anti-analysis and anti-sandbox features. It uses in-line string encryption and API calls, making static and emulation analysis challenging. The malware performs sandbox detection by checking for specific usernames and hypervisors. It installs itself in th…
persistence
anti-analysis
amadey
downloader
2024-09-03
anti-sandbox
string encryption
c2 communication
zharkbot
Published: September 3, 2024
Downloadable IOCs: 2

REPLAY: Revisiting Play Ransomware Anti-Analysis Techniques

This analysis revisits the anti-analysis techniques employed by recent variants of the Play ransomware, which is known for targeting industries like healthcare and telecommunications across various regions. The report explains how the ransomware utilizes techniques like return-oriented programming …
ransomware
anti-analysis
2024-08-09
playcrypt
Published: August 9, 2024
Downloadable IOCs: 4

DarkGate: Dancing the Samba With Alluring Excel Files

This analysis delves into a DarkGate malware campaign from March-April 2024 that exploits Microsoft Excel files to retrieve malicious payloads hosted on public-facing SMB file shares. It sheds light on the evolving tactics of this threat, which creatively abuses legitimate tools and services for di…
anti-analysis
autohotkey
darkgate
excel
sideloading
2024-07-11
Published: July 11, 2024
Linked vulnerabilities : CVE-2024-3400
Downloadable IOCs: 37

Dissecting GootLoader With Node.js

This article demonstrates how to circumvent anti-analysis techniques employed by GootLoader malware while utilizing Node.js debugging in Visual Studio Code. GootLoader JavaScript files employ an evasion technique that can pose a formidable challenge for sandboxes attempting to analyze the malware. …
evasion
anti-analysis
javascript
gootloader
2024-07-04
deobfuscation
Published: July 4, 2024
Downloadable IOCs: 2

Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

This comprehensive analysis delves into the continuous evolution and refinement of sophisticated malware entities employed by a persistent cyberespionage group targeting organizations in the Asia-Pacific region. The malware, known as Waterbear and its latest iteration, Deuterbear, have undergone si…
malware
evasion
anti-analysis
encryption
2024-05-21
cyberespionage
deuterbear
waterbear
Published: May 21, 2024
Downloadable IOCs: 29

Stealer Distributed via Crafted Minecraft Source Pack

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…
stealer
persistence
anti-analysis
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
screenshots
zeus panda
minecraft
Published: May 8, 2024
Downloadable IOCs: 23

Zloader Learns Old Tricks

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…
python
anti-analysis
windows registry
zloader
zeus
Published: April 30, 2024
Downloadable IOCs: 8

Fletchen Stealer: An Information Stealer with Sophisticated Anti-Analysis Measures

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…
stealer
exfiltration
persistence
anti-analysis
data-theft
fletchen stealer
Published: April 29, 2024
Downloadable IOCs: 13
Click here to see more Attack Reports