InQuest Blog Articles Filed Under ""


InQuest Blog

Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.

Field Notes: Malicious HFS Instances Serving Gh0stRAT

Posted on 2019-03-23 by aswanda

HTTP File Server, commonly abbreviated as HFS, is a free and simple means to send and receive files across the Internet. This also makes the software a popular choice among malicious actors for hosting and distributing malware and exploits, and an interesting target for malware researchers. An investigation into an HFS instance hosting an exploit for CVE-2018-8174 led to the discovery of an interesting threat actor and their infrastructure, the continued use of the Gh0st RAT malware, and many common attributes we can use to help us identify this malicious activity in the wild.

field-notes malware-analysis


Field Notes: Agent Tesla Open Directory

Posted on 2019-03-23 by aswanda

InQuest discovered an open directory hosting several Agent Tesla payloads, as well as several separate web panels for the administration of different Agent Tesla malware campaigns. We decided this was a good time to take a quick look at this malware family, its capabilities, and the artifacts found in the open directory. Agent Tesla is a malware family written in .NET for Microsoft Windows systems and has much in common with spyware in its capabilities. Its primary functions include stealing credentials, keylogging, collecting screenshots, capturing web camera images, and gathering clipboard data; unlike many spyware families, however, it is often seen in more standard malware campaigns and makes use of common malware techniques for obfuscation, unpacking, and data collection.

field-notes malware-analysis
