Tribal Chicken

Security. Malware Research. Digital Forensics.

  • Home
  • About
  • Contact

Malware Analysis #3: Hesperbot, Part 2

Thomas White • 9 Nov 2014 • Tags: analysis, hesperbot, kazyloader, kazyrootkit, malware, security

This is a follow up to the last post: Malware Analysis #3: Hesperbot, Part 1 [https://tribalchicken.com.au/?p=605] With some assistance from CERT Australia, it’s possible to identify this particular malware sample as Hesperbot, or at least a very close relative. This also matches their data about this particular campaign. I’… leer más

Malware Analysis #3: Hesperbot, Part 1

Thomas White • 27 Oct 2014 • Tags: c#, decompile, kazyloader, malware, post-daily, security

I was kindly forwarded a sample of a phishing email crafted to appear as an Australia Post missed delivery noticed. Someone is certainly trying to deliver something (which isn’t a parcel), so my goal is to figure out what that is exactly. Note: I have included some general Phishing information. If you wish to… leer más

Page 1 of 1

About

I'm an Australian who does tech and security stuff. When not at my full-time job, I do independent DFIR / InfoSec / Malware research.

This site acts as an informal outlet for some of my personal work.

Most popular articles:

  1. Recovering BitLocker Keys on Windows 8.1 and 10: A brief touch on how the changes to BitLocker after
  2. Extracting FileVault 2 Keys with Volatility: This is a volatility plugin which can recover FileVault 2
  3. Automated Malware Analysis: mail server -> Cuckoo, V2.0: Quite some time ago I slapped together a couple of
  4. Hunting malware through memory analysis: A word of warning… Lots of screenshots in this post.

Disclaimer: The views expressed here are my own and do not necessarily reflect those of my current or past employers, affiliations, cats, etc.

Powered by: Ghost, Nginx and FreeBSD. Content powered by coffee. Ideas powered by beer, which you are welcome to donate if I've helped you.