Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.
Posted on 2019-04-30 by Amirreza Niakanlahiji
In this article, we analyze a malicious HTA file that we found on VirusTotal. This sample uses a few interesting techniques to evade existing detection mechanisms. We provide an in-depth analysis of the sample and reveal the techniques it uses to stay under the radar. At the time we hunted this sample, only two engines on VirusTotal marked it as malicious.
Posted on 2019-03-26 by Adam Musciano
ThreatIngestor helps you collect threat intelligence from public feeds and gives you context on that intelligence so you can research it further and put it to use protecting yourself or your organization. In this post, we go through the process of building a Twitter bot on top of it.
Posted on 2019-03-09 by Amirreza Niakanlahiji
In this article, we dissect a sophisticated multi-stage PowerShell script that was found on HybridAnalysis a few days ago. The discussion is an in-depth analysis of the various techniques this particular malware sample uses to keep itself under the radar. As of writing this article, none of the antivirus engines on VirusTotal detected this sample.
Posted on 2019-02-28 by Steve Esling
Unsupervised machine learning can give us insights that supervised learning cannot. Here, we go over one of these algorithms, MinHash.
Posted on 2019-02-26 by Josiah Smith
This article covers the analysis of an interesting customer malspam encounter that was identified with a user-defined signature focusing on high levels of entropy within the file. The chain starts with a PDF lure that fetches a macro-laden downloader document and finishes with the Emotet banking malware.