This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• RootTeam

  Taking a look at this free GO stealer

  Jul 20, 2023

• Lobshot

  Lobshot a basic hVNC bot

  Jul 16, 2023

• Truebot

  Truely a simple malware leading to ransomware

  Jul 13, 2023

• Status Recorder

  Is this new stealer a fork of something we have seen before

  Jul 6, 2023

• Triage Malware Delivery Chain

  Walking the delivery chain from VBS to PS to DOTNET

  Jul 2, 2023

• XORSTR Generic String Decryption

  Writing a generic string decryptor for this open source library

  Jun 25, 2023

• RisePro Triage

  Investigating the link between RisePro and PrivateLoader

  Jun 15, 2023

• AMSI Bypass In The Wild

  Taking a close look at this asyncrat loader with an AMSI bypass

  May 28, 2023

• Metastealer

  DGAs and obfuscation as malware goes meta

  May 11, 2023

• StrelaStealer

  Under the radar email credential stealer in development

  May 7, 2023

• Satacom (LegionLoader)

  Taking a look at this loader associated with NullMixer

  Apr 30, 2023

• in2al5dp3in4er Loader

  Invalid Printer using CreateDXGIFactory graphics card g-checking sandboxes

  Apr 23, 2023

• CryptNET Ransomware

  New DOTNET ransomware threat or copy pasta wannabe

  Apr 20, 2023

• XORStringsNet

  Automatically defeating this dotnet string cryptor

  Apr 16, 2023

• Quasar Chaos

  Open Source Ransomware Meets Open Source RAT

  Apr 13, 2023