HackDig : Dig high-quality web security articles for hacker

Analyzing the Fileless, Code-injecting SOREBRECT Ransomware

by Buddy Tancio (Threats Analyst) Fileless threats and ransomware aren’t new, but a malware that incorporates a combination of their characteristics can be dangerous. Take for instance the fileless, code-injecting ransomware we’ve uncovered—SOREBRECT, which Trend Micro detects as RANSOM_SOREBRECT.A and RANSOM_SOREBRECT.B. We first encountered SOREBRECT durin
Publish At:2017-06-15 21:20 | Read:453 | Comments:0 | Tags:Ransomware Code Injection fileless PsExec ransomware SOREBRE

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as Trojan.AndroidOS.Dvmap.a. The distribution of rooting malware thr
Publish At:2017-06-08 15:45 | Read:686 | Comments:0 | Tags:Featured Mobile code injection Google Android Mobile Malware

ARM payload development

As I mentioned on Twitter earlier (@OwariDa, @ClevCode), using the excellent Hex-Rays ARM decompiler turned out to be quite handy for verifying the payload I’m developing and injecting into the XMM6260-based baseband in my Samsung S3 (GT-i9300). Rebooting my phone due to baseband crashes can be a bit time consuming. :DThe specific research I’m do
Publish At:2014-08-09 19:05 | Read:1462 | Comments:0 | Tags:Research Android ARM Baseband Code Injection Samsung S3

Dissecting Payload Injection Using LLama Process Snapshots

In our last blog-post on process snapshotting, we showed how process snapshots (or “dumps”) allow bridging the gap between dynamic and static analysis. In this post, we want to continue along this line and describe a related problem security analysts face: Analyzing code injections in analysis tools such as IDA Pro. Injected code is particularly
Publish At:2014-08-09 12:42 | Read:1451 | Comments:0 | Tags:Code Injection Process Snapshotting

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud