A few months ago on this blog I described PowerLoader functionality - including an interesting way for privilege escalation into the explorer.exe system process. The leaked PowerLoader code is also used in other malware families.
Search results for: "64-bit"
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware
ESET research gives a detailed picture of the operations of the Evilnum group and its toolkit deployed in attacks against carefully chosen targets in the fintech sector
ESET researchers reveal the modus operandi of the elusive InvisiMole group, including newly discovered ties with the Gamaredon group
Active APT group adds cunning remote template injectors for Word and Excel documents; unique Outlook mass-mailing macro
ESET researchers dissect a backdoor deployed in attacks against multiple government agencies and major organizations operating in two critical infrastructure sectors in Asia
Brute-force attacks and BlueKeep exploits usurp convenience of direct RDP connections; ESET releases a tool to test your Windows machines for vulnerable versions
ESET researchers discover a previously unreported cyberespionage platform used in targeted attacks against diplomatic missions and governmental institutions, and privacy-concerned users
ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers
ESET sheds light on commands used by the favorite backdoor of the Sednit group
ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar
ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs
ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven
ESET researchers have discovered new DanaBot campaigns targeting a number of European countries
ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware
Hunting for secrets from high-profile targets while staying in the shadows
ESET researchers have discovered a piece of banking malware that employs a new technique to bypass dedicated browser protection measures
Zebrocy heavily used by the Sednit group over last two years
ESET research has found that the ransomware FriedEx, also known as BitPaymer, is actually the work of the notorious gang responsible for the Dridex banking trojan.
The Volatility Foundation, the non-profit organization behind the Volatility Framework, sponsors the yearly Volatility Plugin Contest to acknowledge the best forensic tools built on the Volatility platform.