November 12, 2018 - TrickBot has been present in the threat landscape for quite a while. We wrote about its first version in October 2016. October 2018 marks the end of the second year since TrickBot’s appearance. Possibly the authors decided to celebrate the anniversary with a makeover of some significant elements of the core. This post is an analysis of the updated obfuscation used by TrickBot’s main module.
August 30, 2018 - When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-step analysis for a closer look.
August 13, 2018 - Process Doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.
May 22, 2018 - About three weeks ago, we published our second CrackMe, which has triggered a lot of interest, and many high-quality write-up submissions. In this post, we summarize the contest and comment on the submissions. Whose write-up won? Read on to find out.
April 27, 2018 - Last November, we launched the first Malwarebytes CrackMe. Encouraged by an overwhelmingly positive response, we decided to repeat the game—this time making it even harder and more fun.