Summary I came across a fairly interesting VBS-based DanaBot downloader the other day, and I figured it was worth doing a quick write-up on the obfuscation scheme and a few of the other TTPs I observed. The social engineering pretext used in this campaign was interesting as it leveraged an “unclaimed property” themed lure and…
All posts tagged Python
DoppelDridex Delivered via Slack and Discord
Summary Several recent phishing campaigns have attempted to deliver a variant of the Dridex banking trojan via payloads staged on Slack and Discord CDNs. This is DoppelDridex, a modified variant of the original Dridex malware. It is operated by the financially motivated eCrime adversary tracked as DOPPEL SPIDER. Additional tooling is often delivered as a secondary…
Analysis of Valak Maldoc
Summary The Valak malware variant appears to be an emerging threat due to an increased volume of campaign activity by its operators. Besides its relative newness, Valak is also noteworthy for a few of its other operational aspects such as an interesting execution chain and some unconventional tactics leveraged in the VB macro script of…
Analysis of a Dridex Downloader with Locked Excel Macros
Summary I came across a fairly interesting Dridex maldoc the other day, and I figured it was worth doing a quick write-up on the obfuscation and anti-analysis techniques I saw. This was an Excel document that had its VBA macro project “locked” by the threat actor to disrupt analysis. Further anti-analysis included a heavy dose…