Malware Analysis

Victim organization themed phishing campaign

Victim Organization Themed Phishing

A victim organization themed phishing campaign is one in which the spammers target a specific organization by crafting and designing the phishing email and/or phishing landing page with the victim organization's logos and designs.

How This Phishing Campaign Works

This particular phishing email campaign's email body was Microsoft Office themed. The embedded phishing […]

Lockbit Ransomware 3.0 leverages malicious Word Documents

Lockbit Ransomware

Lockbit is a well-known ransomware-as-a-service (RaaS) that first emerged in 2019. The Lockbit group threat actors or RaaS affiliates first target a system; once the system is compromised, its file system is encrypted and a ransom note is dropped on the victim's computer. This note contains instructions on how to make the ransom

ASyncRAT delivered through malspam via OneNote attachment (Stage 2)

Continuing our previous AsyncRAT discussion, this is Part 2 of this blog post, where I will review stage 2, which will cover the analysis of the ASyncRAT payload (payload.exe) and dive into some of its functionalities.

Figure 1: File property details of payload.exe shown in CFF Explorer.

Unpacking ASyncRAT

Since this is a

ASyncRAT delivered through malspam via OneNote attachment (Stage 1)

AsyncRat: A Remote Access Trojan (RAT)

AsyncRat is an open source Remote Access Trojan (RAT) that was originally released on GitHub. It has since been weaponized by threat actors and actively used in cyber attacks since 2019. This malware is designed to compromise the security of a target system and allow remote attackers to gain

Emotet delivered through malspam via Word document attachment

Emotet: A Banking Trojan

Emotet is a type of sophisticated and highly destructive malware that was first identified around 2014. It started as a banking trojan, primarily designed to steal sensitive financial information. However, over time, Emotet evolved into a more versatile threat, incorporating additional functionalities and capabilities. In this blog post, we will analyze