Trojan using Pastebin & Dropbox
Interesting… Another variant of what appears to be Ursnif (please correct me if you have further info) is making the rounds, this time using the well-known services Pastebin and Dropbox to assist in distributing the malware. As seen previously, the malware is being spread primarily by phishing email with a zip file attached. Within… read more
CryptoWall: Magic behind the dropper
In this article we take a look at de-obfuscating the latest CryptoWall 3.0 dropper (which is actually very, very simple). As noted in a previous article [https://tribalchicken.com.au/security/cryptowall-3-0-still-alive/], the latest variant of CryptoWall 3.0 is getting around via a .js… read more
CryptoWall 3.0: still alive.
Note: This is not yet a full analysis. Early this morning I received several phishing emails that look suspiciously like those associated with the delivery of CryptoWall 3.0…. The zip files contain an obfuscated .js file. Unfortunately I did not get time to… read more
A look inside a malicious macro
An interesting sample landed in my samples database the other day. It’s an email with a Word document attached. The email, as usual, claims that this company has found discrepancies on some transactions, and needs you to read the document to verify these transactions. … read more
OS X's internal malware protection systems.
For quite some time there has been a common misconception that Macs are ‘safer’, or are not susceptible to malware. Unfortunately this is not strictly true. With OS X continuing to gain market share, it will become a juicier target for cyber criminals. On the plus side though, Apple has included a form… read more