InQuest Blog
Posted on 2022-01-26Josiah Smith and Nick Chalard
This post is a quick dissection of an interesting malware lure that appears to be a part of a campaign targeting 🇧🇷 Brazilian / Portuguese speaking users. The sample in question is available on InQuest Labs. Glancing at the macro you’ll quickly notice that a number of notepad.exe processes will be launched, additionally, there’s a reference to a malicious domain which we have filtered the below screenshot to: unimed-corporated[.]com
Posted on 2022-01-24Dmitry Melikov
Some time ago, we discovered a large wave of phishing emails with an exciting delivery method. This article will describe this method and show how it works, starting from a malicious document. We will explore the following documents, each with a beautiful visual lure that abuses the names and logos of Chase Bank and Bank of America.
Posted on 2021-12-28Dmitry Melikov
On December 9, 2021, a vulnerability (CVE-2021-44228) was published to the global information security community. Logging utility Log4j (version 2.0 to 2.15.0-rc2 version) contained a critical remote code execution (RCE) vulnerability, which was dubbed Log4Shell. If a threat actor manages to execute an exploit on a vulnerable machine, they are able to execute arbitrary code and potentially gain full control over the system.
Posted on 2021-12-20Nick Chalard
With the holiday season upon us and Log4j-nia still keeping most of us awake at night, we want to revisit an old chum who continues to operate in full swing amidst the chaos. With fresh tactics at their disposal, Dridex continues to target large organizations with somewhat elaborate lures to ensure user interaction and infection. On Monday, December 15th we noticed an uptick in the amount of verified malware hiding behind password-protected Microsoft Excel spreadsheets, specifically ones containing the dated "macrosheet" functionality.
Posted on 2021-11-23Dmitry Melikov
How does fishing work in real life? The fisherman chooses a suitable place for fishing, he chooses the right tools; a fishing rod or nets, and he also needs to choose the right bait. When everything is ready, he can expect a good degree of success. In fact, fishing in cyberspace is not that different from fishing in real life. A threat actor needs to choose the right tools. Depending on the purpose, he can use different tools; such as bankers to steal money or espionage tools to steal data. A threat actor can also use third-party tools such as Cobalt Strike or Metasploit, everything will depend on the goals.