Posts tagged trojan

Catching a Headless Horseman (or analysis of Trojan.Downloader.1301007.C-Jottix)

Defeating security controls in antivirus and anti-malware systems is a common goal among malware authors. There are many sophisticated techniques and an incredible level of creativity with regard to methods of defeating these systems coming from those on “the other side of the fence.”

Hunting Down FTP Password Stealer Malware with Vinsula Execution Engine

Malware authors are getting increasingly creative in their attempts to bypass security controls and gain access to critical information by using tools such as password stealer malware to steal credentials and intercept web traffic. In this post, we build a Behavioral Profile of Password Stealer Malware Trojan.FTP.13809.A.

Trojan.Plague.13604.B – Behavioral Signature Analysis of Mutopy Malware using Vinsula

A critical part of recent malware binaries is the executable component responsible for downloading the actual malware from a designated malware server.

Our colleague, security researcher Mila Parkour, published a link to a great post at DeepEnd Research (posted by Andre M. DiMino) with some interesting results about a downloader/trojan dubbed Trojan.Plague.13604.B. This malware is a variation of Mutopy – Win32 found by Sophos.

Trojan.Malaria.13002 – Malware Behavioral Signature Analysis

Given the widespread continued use of spear phishing campaigns, it is generally wise to approach any emails containing attachments or links to archives with a heavy dose of caution—especially when the email comes from an unknown sender.

Over the last two days I received several emails from a sender that I didn’t recognize, and proceeded to analyze the attachment with our own Vinsula Execution Engine, allowing me to quickly build a behavioral profile of the potential malware. Not surprisingly, the report generated by Vinsula showed clear indications that the attachment is malicious. We have titled this malware Trojan.Malaria.13002.
