ACECrypter is a crypter utilized by numerous cybercriminals. The service has been observed dropping various types of malicious software, including Remote Access Trojans (RATs), stealers, and loaders such as RedLine, SmokeLoader, and GCleaner, among others. This article provides a hands-on, step-by-step walkthrough of the process to unpack ACECrypter.
This article details the last campaign involving Latrodectus malware that is dropped by BruteRatel, some YARA and hunting pivot are also provided.
Gather IDA notes and Python snippets used during the analysis
This helper comes in handy when reversing samples that use SysWhispers2 to recover ntdll call from SysWhispers2 hashes.
All notes related to Python goes here
XWorm is a Remote Access Trojan (RAT) developed in .NET, the malware is mostly spread via phishing campaigns using homemade or opensource packing tools. Note, that some versions of the source code have leaked on Cybercrime forums and also on Telegram channels. This analysis focuses on the XWorm version 3.0.
BumbleBee is categorized as a Loader, the malware is used by Initial Access Brokers to gain access in targeted companies. This article aims to summarizing the different TTPs observed in campaigns distributing BumbleBee and provides a script to extract its configuration.