In Part II of this blog series, we identified three child processes that were created by the IcedID malware. In Part III, we provide a deep analysis of those child processes.
Only two days after the release of GandCrab 4.0, FortiGuard Labs found a newer version (v4.1) being distributed using the same method, which is through compromised websites disguised as download sites for cracked applications.
This is the second part of the FortiGuard Labs analysis of the new Poison Ivy variant, or PlugX, which was an integrated part of Poison Ivy’s code. In the first part of this analysis we introduced how this malware was installed onto victim’s systems, the techniques it used to perform anti-analysis, how it obtained the C&C server’s IP&Port from the PasteBin website, and how it communicated with its C&C server.
Ransomware is now a common term not only in the security industry, but also in our day-to-day life. A new ransomware seems to pop up almost every given day. What we don’t normally see is how codes are implemented within these malware. Ransomware employs different techniques and attack vectors in order to infiltrate your computer system. They also use different armoring techniques to evade detection and avoid analysis. One trick they use to harden themselves against analysis is through implementing metamorphic, encryption, and polymorphic algorithms.We...