Channel: Labs Blog – Lastline
Browsing all 70 articles

Analysis of an Evasive Backdoor

Authored by: Roman Vasilenko, Kyle Creyts The Initial Infection Vector - Nuclear Pack A Curious Executable, A Detailed Analysis The Dropper The Second Stage The Juxtaposition The Unpack Sandbox And AV...


An Analysis of PlugX

Authored by: Roman Vasilenko, Kyle Creyts Introduction There are a number of articles recently written about a Remote Access Trojan called PlugX  or Korplug (with older variants known as Sogu, Thoper,...


Automatically Detecting Evasive Malware

Malware has always been in continuous evolution: Throughout the years we have seen simple viruses become polymorphic, autonomous self-replicating code connecting to a master host and becoming a...


Using High-Resolution Dynamic Analysis for BHO Trigger Detection

Looking at how malware analysis engines evolved over the last decade, the trend is quite obvious: Dynamic analysis systems are replacing purely static ones or at least combine elements from both...


Analyzing Environment-Aware Malware

A look at Zeus Trojan variant called Citadel evading traditional sandboxes Fighting traditional sandboxes (or dynamic analysis systems in general) typically comes in the form of detecting the analysis...


Lastline employees involved in top-tier Android research

Researchers from UCSB and University of Bonn recently published a paper on the risks incurred by dynamically loaded external code in Android apps. The accompanying blog post on the iSecLab blog gives...


How To Build An Effective Sandbox

Automated malware analysis systems (or sandboxes) are one of the latest weapons in the arsenal of security vendors. Such systems execute an unknown malware program in an instrumented environment and...


A Pipeline for Scalable Analysis Capability

An area where we spend quite some effort here at Lastline is scaling up our malware analysis capabilities, that is our ability to analyze (potentially) malicious artifacts, such as binaries,...


Analyzing a banking Trojan

In our effort to detect threats to the users of Android devices, we analyze a lot of malicious apps. This post exemplifies the analysis of such malware, more specifically a banking Trojan that we came...


Antivirus Isn't Dead, It Just Can't Keep Up

Much has been said in recent weeks about the state of antivirus technology. To add facts to the debate, Lastline Labs malware researchers studied hundreds of thousands of pieces of malware they...


Detecting Keyloggers on Dynamic Analysis Systems

Authored by: Kevin Hamacher, Dario Filho, Clemens Kolbitsch One notorious functionality present in many variants of today’s advanced malware is the ability to steal sensitive user information. Taking...


Analyzing an “Ultra-Advanced APT Tool” Using High-Resolution Dynamic Analysis

Every AV I've tested is helpless against Violent Python attacks; the only good defense I've found is @LastlineLabs — Sam Bowne (@sambowne) May 27, 2014 Earlier this week, Sam Bowne (@sambowne) posted...


An Analysis of PlugX Using Process Dumps from High-Resolution Malware Analysis

Targeted attacks and so-called APTs (advanced persistent threats) come in many forms and colors. Very often, in-house malware analysis teams want to go beyond the detection information offered by...


Dissecting Payload Injection Using LLama Process Snapshots

In our last blog-post on process snapshotting, we showed how process snapshots (or “dumps”) allow bridging the gap between dynamic and static analysis. In this post, we want to continue along this...


Exploit Analysis via Process Snapshotting

In this third post in our blog series on process snapshotting (see previous posts on PlugX and Shiz’ code injection), we will show how to dissect exploit payloads using the LLama full-process snapshot...


A Look at Advanced Targeted Attacks Through the Lens of a Human-Rights NGO,...

In my capacity as an academic researcher at Northeastern University, I collaborated with computer scientists Stevens Le Blond, Adina Uritesc and Cédric Gilbert at the Max Planck Institute for...


Rogue Online Pharmacies Use Fake Security Seals and Content Obfuscation to...

New research being presented tomorrow at RAID 2014 demonstrates that just two signals can automatically and effectively detect hundreds of malicious pages within 150,000 real-world samples with...


The Malicious 1% of Ads Served

Last week at IMC Vancouver 2014, cyber-security researcher Apostolis Zarras of Ruhr-University Bochum presented a research paper entitled “The Dark Alleys of Madison Avenue, Understanding Malicious...


Not so fast my friend - Using Inverted Timing Attacks to Bypass Dynamic Analysis

We're very happy that a lot of you are enjoying our research. If you'd like to discuss this topic with us, please tweet @LastlineLabs or comment on HackerNews and we'll join you! Authored by: Arunpreet...


Ninety Five Percent of Carbanak Malware Exhibits Stealthy or Evasive Behaviors

We’ve talked a lot about the increasing sophistication of malware and the serious threats it poses. But it’s rare to be able to analyze malware that is evasive or stealthy and has already been deployed...
