Crypt0L0cker - TorrentLocker Rebranded
Recently here in Australia there has been some discussion about a Ransomware campaign using Australian Federal Police themed spam emails (The AFP published a press release [http://www.afp.gov.au/media-centre/news/afp/2015/april/media-release-afp-warns-public-of-email-traffic-infringement-scam] on the matter in April). The malware shares many characteristics with TorrentLocker and looks to be nearly identical…
Hunting malware through memory analysis
A word of warning… Lots of screenshots in this post. Update 10/05/2015: I’ve updated the article with more information about some of the commands used in order to help out people who aren’t familiar with Volatility. When hunting a piece of malware it can be very interesting to have a poke…
Trojan using Pastebin & Dropbox
Interesting… Another variant of what appears to be Ursnif (Please correct me if you have further info) is making the rounds, this time using the well-known services Pastebin and Dropbox to assist in distributing the malware. As seen previously, the malware is being spread primarily by phishing email with a zip file attached. Within…
CryptoWall: Magic behind the dropper
In this article we take a look at de-obfuscating the latest CryptoWall 3.0 dropper (which is actually very, very simple). As noted in a previous article [https://tribalchicken.com.au/security/cryptowall-3-0-still-alive/], the latest variant of CryptoWall 3.0 is getting around via a .js…
CryptoWall 3.0: still alive.
Note: This is not yet a full analysis. Early this morning I received several phishing emails that look suspiciously like those associated with the delivery of Cryptowall 3.0… The zip files contain an obfuscated .js file. Unfortunately I did not get time to…