Reverse Engineering

Reverse Engineering

[Case Study: Latrodectus] Analyzing and Implementing String Decryption Algorithms

This article has a slightly different objective than the last ones I published, it is not about an analysis of specific malware. Today’s article is about a case study of the Latrodectus string decryption algorithm (analyzed in the previous research). The objective is to study how to identify a string decryption algorithm when reverse engineering […]

,

[Case Study: Latrodectus] Analyzing and Implementing String Decryption Algorithms Read Post »

Detection Engineering Reverse Engineering Threat Hunting

Latrodectus [IceNova] – Technical Analysis of the… New IcedID… Its Continuation… Or its Replacement?

My first public malware research was for a strain of IcedID. A few months later, in my nighttime activities, I was working on technical analysis research for Sodinokibi (REvil), a Ransomware that is no longer seen, however, is part of the evolutionary history of the business model that we now know as RaaS. But, I

,

Latrodectus [IceNova] – Technical Analysis of the… New IcedID… Its Continuation… Or its Replacement? Read Post »

Detection Engineering Reverse Engineering Threat Hunting

IcedID – Technical Analysis of an IcedID Lightweight x64 DLL

My first public malware research was regarding an x32 PE stager (exe) from the IcedID family. In this research I analyzed three samples from different years, with the aim of identifying code reuse, and developing a Yara signature capable of detecting any IcedID sample, based on fixed code patterns persistent over the years. So you

,

IcedID – Technical Analysis of an IcedID Lightweight x64 DLL Read Post »

Detection Engineering Reverse Engineering Threat Hunting

Zero2Automated – Complete Custom Sample Challenge Analysis

The road so far… In this post, I will analyze the customized sample of the Zero2Automated: The Advanced Malware Analysis course, which is presented to us when we reach the halfway point of the course. At this point, the course has already explored in a deep and practical way subjects such as Cryptography Algorithms, Unpacking

,

Zero2Automated – Complete Custom Sample Challenge Analysis Read Post »

Detection Engineering Malware Analysis Reverse Engineering

IcedID – Technical Malware Analysis [Second Stage]

In this report I will technical analyze the new IcedID malware, go deep through reverse engineering, debugging and detection engineering. Introduction The IcedID is a banking malware design to steal financial information from your victims. The IcedID malware is also know by MITRE ATT&CK as S0483, and has been around since 2017. The IcedID has

,

IcedID – Technical Malware Analysis [Second Stage] Read Post »

Scroll to Top