The Story Behind Blackout: Abusing Gmer Driver to Terminate Protected Processes
6spif
The Story: During a ransomware incident response, I noticed a file with a strange name that was retrieved by the team. Upon inspection, it turned out to be a driver. This raised the question: “what does a driver have to do with a ransomware incident response?” To understand this, I started gathering information about the…
-
ALPHV Malware Analysis Report
6spif
Description: The file is a 32-bit Windows executable that contains BlackCat ransomware. BlackCat, also known as Noberus or ALPHV, is a sophisticated ransomware family written in Rust and deployed as part of Ransomware-as-a-Service (RaaS) operations on Windows. The ransomware can be configured to encrypt files using either the AES or the ChaCha20 algorithm. In…
-
Inside PLAY’s Game: Cobalt Strike Beacon as the Gateway to Ransomware Havoc
6spif
Description: The first file is a 32-bit Windows executable that contains a Cobalt Strike Beacon. The executable uses two thread-local storage (TLS) callbacks to conceal its main functionality, evade detection, and make its code more complex and harder to analyze. The file also contains a malicious implant known as a Cobalt Strike Beacon, which is…