InQuest Blog

Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.
Posted on 2019-03-09 by Amirreza Niakanlahiji
In this article, we dissect a sophisticated multi-stage PowerShell script that was found on HybridAnalysis a few days back. The discussion entails an in-depth analysis of the various techniques that this particular malware instance utilized to keep itself under the radar. As of writing this article, none of the AntiViruses on VirusTotal detected this sample.
Posted on 2019-02-28 by Steve Esling
Unsupervised machine learning can give us insights that supervised learning cannot. Here, we go over one of these algorithms, MinHash.
Posted on 2019-02-26 by Josiah Smith
This article covers the analysis of an interesting customer malspam encounter that was identified with a user-defined signature focusing on high levels of entropy within the file. Starting with a pdf lure to get an macro laiden downloader document and finished with emotet banking malware.
Posted on 2019-01-29 by Amirreza Niakanlahiji
In this article, we dissect a sneaky malicious Microsoft Excel XLM file that we caught in the wild. To do so, we utilize a few open source as well as in-house tools to analyze the Excel document. During our analysis, we point out the limitations of a few popular file carving tools, such as foremost and scalpel, in extracting data from this and related samples.
Posted on 2019-01-21 by Josiah Smith
Powershell Empire is a go-to tool for pentesters, red-teamers, and cyber-criminals. While it is an incredible framwork, the InQuest platform easily detects the obfuscated payloads that are generated.
Blog Archive