These days, most malware employs long chain attack and anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Such is the case with GandCrab, a new ransomware strain that entered the scene late last month and is currently active.
Topics: Ransomware, Exploit Kit, Attack Analysis, Custom Packer, Threat Profile
RokRAT is a sophisticated Remote Access Trojan (RAT) that is skilled at evading detection and uses multiple techniques to make analysis difficult. The current RokRAT campaign was identified by Cisco Talos in November. The earliest known RokRAT campaign occured in April, although this used a less evasive malware variant.
Topics: Exploits, Custom Packer, Threat Profile
Packer-based malware is malware which is modified in the runtime memory using different and sophisticated compression techniques. Such malware is hard to detect by known malware scanners and anti-virus solutions. In addition, it is a cheap way for hackers to recreate new signatures for the same malware on the fly simply by changing the encryption/packing method. Packers themselves are not malware; attackers use this tactic to obfuscate the code’s real intention.
Topics: Cyber Attacks, Sandbox evasion, Cyber Security, Attack Analysis, Custom Packer
