malwr0nwind0z

Victim organization themed phishing campaign

Victim Organization Themed Phishing A victim organization themed phishing campaign is when the spammers target a specific organization by crafting and designing the phishing email and/or phishing landing page with the victim organization’s logos and designs. How This Phishing Campaign Works This particular phishing email campaign’s email body was Microsoft Office themed. The embedded phishing […]


Lockbit Ransomware 3.0 leverages malicious Word Documents

Lockbit Ransomware Lockbit is a well-known ransomware-as-a-service (RAAS) that first emerged in 2019. The Lockbit group threat actors or RAAS affiliates first target a system; once this system is compromised, its file system is encrypted and a ransom note is dropped on the victim’s computer. This note contains instructions on how to make the ransom


Originality.AI Hack – How to get “Unlimited” FREE Credits

The YouTube video explains an Originality.AI Hack and how to get unlimited free credits for utilizing this program. The hack involves using a temporary email address generator website to create a temporary email address and sign up for a free Originality.AI account, which grants you 50 free credits for each free account you sign up with. I say


The Ultimate Test: Living Off the Land (LOTL) while Rick Rollin

I recently conducted a pentesting exercise for one of my clients. One main focus of the exercise was to detect and prevent a “Living off the Land” (LOTL) attack. “Living off the Land” (LOTL) in the context of cybersecurity refers to a technique used by hackers to carry out attacks using tools and utilities that


Network Forensics with Wireshark and Brim: Analyzing a PCAP from an Agent Tesla infection

Simplifying Network Forensic Analysis: Exploring Wireshark PCAP Files with Brim Wireshark is a powerful network protocol analyzer that allows network administrators and security professionals to monitor and inspect network traffic. It captures packets in real-time or reads from existing capture files, known as PCAP files, for offline analysis. However, as the complexity of network data


KAPE Collection: Forensic artifacts from a Qakbot infection (via Qaknote)

KAPE: Kroll Artifact Parser and Extractor KAPE is an open source Windows-based triage program that will find and collect important forensically relevant Windows OS artifacts (System logs, Registry entries, etc.). KAPE can be run on a live Windows operating system or a mounted Windows image (i.e. dead-box forensics). KAPE utilizes Targets and Modules to collect and


ASyncRAT delivered through malspam via OneNote attachment (Stage 2)

Continuing our previous AsyncRAT discussion, this is Part 2 of this blog post, where I will review stage 2, which will cover the analysis of the ASyncRAT payload (payload.exe) and we will dive into some of its functionalities. Figure 1: File property details of payload.exe shown in CFF Explorer. Unpacking ASyncRAT Since this is a


ASyncRAT delivered through malspam via OneNote attachment (Stage 1)

AsyncRat: A Remote Access Trojan (RAT) AsyncRat is an open source Remote Access Trojan (RAT) that was originally released on Github. It has since been weaponized by threat actors and actively used in cyber attacks since 2019. This malware is designed to compromise the security of a target system and allow remote attackers to gain


Emotet delivered through malspam via Word document attachment

Emotet: A Banking Trojan Emotet is a type of sophisticated and highly destructive malware that was first identified around 2014. It started as a banking trojan, primarily designed to steal sensitive financial information. However, over time, Emotet evolved into a more versatile threat, incorporating additional functionalities and capabilities. In this blog post, we will analyze
