Search found 5 matches

by syntx
Thu Mar 23, 2017 10:53 am
Forum: Malware
Topic: Obtaining New Malware and Improving
Replies: 1
Views: 11051

Re: Obtaining New Malware and Improving

I think you might be jumping a bit far ahead in going for unclassified samples. As you say, you are currently working through the Practical Malware Analysis book which is good. But I think you may be overwhelmed when going from that to more real-world "unclassified" malware. I would recommend that y...
by syntx
Mon Dec 26, 2016 11:11 pm
Forum: Malware
Topic: Win32/Cerber
Replies: 76
Views: 162872

Re: Win32/Cerber

Has anyone speculated how the ranges are picked to where it sends stats? The early versions were kind of easy to follow as it was only acquiring a server in the IP range; the past few months have however shown ranges without hosting providers, which points to the author using hacked servers as rel...
by syntx
Fri Dec 02, 2016 10:09 pm
Forum: Malware
Topic: Win32/Cerber
Replies: 76
Views: 162872

Re: Win32/Cerber

Macro downloading XOR-encoded payload from 93.170.123[.]96/one.txt

Attached: decoded + unpacked
by syntx
Wed Sep 14, 2016 2:25 pm
Forum: Malware
Topic: Win32/Cerber
Replies: 76
Views: 162872

Re: Win32/Cerber

Looks like there has been a large increase in Cerber since cerber3 came out. Anyone got any recent sample (last few days)? https://twitter.com/MalwareTechBlog/status/775585046988222465 EDIT: Also it seems Cerber has changed its ransom message file name to @__README__@.txt From Antelox (https://twit...
by syntx
Tue Sep 06, 2016 7:49 am
Forum: Malware
Topic: Win32/Cerber
Replies: 76
Views: 162872

Re: Win32/Cerber

Hi xors, I'm just learning, and I'm wondering how you managed to find the file types it is targeting? As I cannot see it in the unpacked sample. Thanks. I haven't been looking into Cerber since version 1, but back then I found that the string "cerber" was referenced near the decryption of the co...