TLSCheck 2.0: An Enhanced Memory Forensics Approach to Efficiently Detect TLS Callbacks

Memory analysis is a crucial technique in digital forensics that enables investigators to examine the runtime state of a system through physical memory dumps. While significant advances have been made in memory forensics, the detection and analysis of Thread Local Storage TLS callbacks remain...

Advanced Python Payload Encryption Framework with Hybrid Cryptography Steganography and Anti‑Debugging

This Python program implements an advanced payload protection framework that combines multiple security and obfuscation techniques to encrypt, package, and distribute Python code. The framework supports hybrid encryption, multi‑key protection, anti‑debugging checks, and optional steganographic...

charlotte

This is a C++ shellcode launcher, fully undetected as of May 13th, 2021. It dynamically invokes Windows API functions, XOR encrypts shellcode and function names, and uses random XOR keys and variables per run. The code is designed to be stealthy and evade detection. The code is written in C++ and...

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file PE file that has been modified to contain a malicious payload. The file is likely a malware dropper or a backdoor that allows remote access to the compromised system. The code is written in C and uses various techniques to eva...

Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. "The malware enables data exfiltration including credentials, browser data, and session tokens, remote access, and long-term...

anti-debugging (=0.0.0), capcom0 (=0.1.1) +9 more potentially affected by CVE-2024-58253 via obfstr (>=0.1.1 <=0.3.0)

obfstr CARGO version =0.1.1, =0.7.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =1.0.3, =0.1.0, =0.6.0, =0.6.0, =0.11.0 Source cves: CVE-2024-58253 Source advisory: OSV:GHSA-V2P5-Q653-9J99...

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file PE file that contains a malicious payload. The file is encoded with a custom algorithm, making it difficult to analyze without decoding. The code is written in C and uses various techniques to evade detection, including: 1. Co...

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to initia...

RemoteTLSCallbackInjection - Utilizing TLS Callbacks To Execute A Payload Without Spawning Any Threads In A Remote Process

This method utilizes TLS callbacks to execute a payload without spawning any threads in a remote process. This method is inspired by Threadless Injection as RemoteTLSCallbackInjection does not invoke any API calls to trigger the injected payload. Quick Links Maldev Academy Home Maldev Academy...

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response MDR team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed t...

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...

AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks

A crypter alternatively spelled cryptor malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per...

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM anti-sandbox...

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM anti-sandbox...

BitRAT Now Sharing Sensitive Bank Data as a Lure

Introduction In June of 2022 Qualys Threat Research Unit TRU wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...

GuLoader Malware Utilizing New Techniques to Evade Security Software

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtua...

Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware

Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in...

Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP...

New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin

A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and...

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade

Trojan titan TrickBot has added a striking anti-debugging feature that detects security analysis and crashes researcher browsers before its malicious code can be analyzed. The new anti-debugging feature was discovered by Security Intelligence analysts with IBM, who reported the emergence of a...