Tribal Chicken

Security. Malware Research. Digital Forensics.

  • Home
  • About
  • Contact

CryptoWall: Magic behind the dropper

Thomas White • 26 Mar 2015 • Tags: analysis, cryptowall, deobfuscation, dropper, javascript, malware

In this article we take a look at de-obfuscating the latest CryptoWall 3.0 dropper (Which is actually very, very simple). As noted in a previous article, the latest variant of CryptoWall 3.0 is getting around via a .js file, delivered via phishing email. The JavaScript file is heavily obfuscated which makes it difficult,… leer más

Page 1 of 1

About

I'm an Australian who does tech and security stuff. When not at my full-time job, I do independent DFIR / InfoSec / Malware research, and somewhere in between continue to undertake university research.

This site acts as an informal outlet for some of my personal work.

Most popular articles:

  1. Recovering BitLocker Keys on Windows 8.1 and 10: A brief touch on how the changes to BitLocker after
  2. Extracting FileVault 2 Keys with Volatility: This is a volatility plugin which can recover FileVault 2
  3. Automated Malware Analysis: mail server -> Cuckoo, V2.0: Quite some time ago I slapped together a couple of
  4. Hunting malware through memory analysis: A word of warning… Lots of screenshots in this post.

Disclaimer: The views expressed here are my own and do not necessarily reflect those of my current or past employers, affiliations, cats, etc.

Powered by: Ghost, Nginx and FreeBSD. Content powered by coffee. Ideas powered by beer, which you are welcome to donate if I've helped you.