The King is Dead, Long Live MyKings! (Part 1 of 2)

Avast – MyKings is a long-standing and relentless botnet which has been active from at least 2016. Since then it has spread and extended its infrastructure so much…

BluStealer: from SpyEx to ThunderFox

Avast – Overview BluStealer is a crypto stealer, keylogger, and document uploader written in Visual Basic that loads C#.NET hack tools to steal credentials. The family was…

DirtyMoe: Code Signing Certificate

Avast – Abstract The DirtyMoe malware uses a driver signed with a revoked certificate that can be seamlessly loaded into the Windows kernel. Therefore, one of the goals…

DirtyMoe: Rootkit Driver

Avast – Abstract In the first post DirtyMoe: Introduction and General Overview of Modularized Malware, we have described one of the complex and sophisticated malware called DirtyMoe. The…

Magnitude Exploit Kit: Still Alive and Kicking

Avast – If I could choose one computer program and erase it from existence, I would choose Internet Explorer. Switching to a different browser would most likely save…

Decoding Cobalt Strike: Understanding Payloads

Avast – Intro Cobalt Strike threat emulation software is the de facto standard closed-source/paid tool used by infosec teams in many governments, organizations and companies. It is also…

Backdoored Client from Mongolian CA MonPass

Avast – We discovered an installer downloaded from the official website of MonPass, a major certification authority (CA) in Mongolia in East Asia that was backdoored with Cobalt…

Crackonosh: A New Malware Distributed in Cracked Software

Avast – We recently became aware of customer reports advising that Avast antivirus was missing from their systems – like the following example from Reddit. From Reddit We…

DirtyMoe: Introduction and General Overview of Modularized Malware

Avast – The rising price of the cryptocurrency has caused a skyrocketing trend of malware samples in the wild. DDoS attacks go hand in hand with the mining…

Binary Reuse of VB6 P-Code Functions

Avast – Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just…