Reverse Engineering Featured RecordBreaker Malware Analysis, Part 3 If you remember from part 2 of the writeup series, we left off with an instance of AppLaunch.exe created in a suspended state. I left some hints at what it was going to be used for. If you didn't pick up on it - spoiler alert - it's process hollowing. In this part, I'm going to work with...
Reverse Engineering RecordBreaker Malware Analysis, Part 2 RecordBreaker malware (AKA Raccoon Stealer V2) is reported to be a "full rewrite in C/C++" of Raccoon Stealer. The Raccoon Stealer malware family is a MaaS (Malware as a Service) "product" available for sale in online black markets that is primarily reported to be a password/credential stealer.
Analysis RecordBreaker Malware Analysis, Part 1 RecordBreaker malware (AKA Raccoon Stealer V2) is reported to be a "full rewrite in C/C++" of Raccoon Stealer. The Raccoon Stealer malware family is a MaaS (Malware as a Service) "product" available for sale in online black markets that is primarily reported to be a password/credential stealer.
Analysis Malware Analysis: SocGholish JS Dropper This is a quick analysis of a SocGholish dropper. The JavaScript defines a series of functions and a variable that contains the URL it later attempts to download from, and then calls a "request" function that will download...
Analysis Russian Phishing Email Analysis Step-by-step analysis of three Russian phishing emails. This writeup is written over several days in my free time. You will see varying dates in tool output and screenshots. I am using a modified Flare-VM install for this analysis.