This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• AMSI Bypass In The Wild

  Taking a close look at this asyncrat loader with an AMSI bypass

  May 28, 2023

• Metastealer

  DGAs and obfuscation as malware goes meta

  May 11, 2023

• StrelaStealer

  Under the radar email credential stealer in development

  May 7, 2023

• Satacom (LegionLoader)

  Taking a look at this loader associated with NullMixer

  Apr 30, 2023

• in2al5dp3in4er Loader

  Invalid Printer using CreateDXGIFactory graphics card g-checking sandboxes

  Apr 23, 2023

• CryptNET Ransomware

  New DOTNET ransomware threat or copy pasta wannabe

  Apr 20, 2023

• XORStringsNet

  Automatically defeating this dotnet string cryptor

  Apr 16, 2023

• Quasar Chaos

  Open Source Ransomware Meets Open Source RAT

  Apr 13, 2023

• PhotoLoader ICEDID

  Taking a closer look at this ICEDID loader

  Apr 6, 2023

• AresLoader

  Taking a closer look at this new loader

  Apr 2, 2023

• 3CX Supply Chain Attack

  Taking a closer look at the delivery of this malware

  Mar 30, 2023

• OneNote WSF Malware (Emotet)

  Rapidly extracting IOCs from Onenote malware delivery

  Mar 19, 2023

• CryptBot

  Another C++ bot

  Mar 16, 2023

• Healer AVKiller

  Simple .NET hack tool used to kill AV

  Mar 15, 2023

• QvoidStealer

  Lol what is up with these trash .NET stealers

  Mar 12, 2023