News • Insights • Analysis
This week, the Sonicwall Capture Labs threat research team analyzed a new Golang malware sample. It uses multiple geographic checks and publicly available packages to screenshot the system before installing a root certificate to the Windows registry for HTTPS communications Read More …
Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families Unit 42 examine. The configuration data embedded within malware can Read More …
Unit 42 researchers recently discovered a Guloader variant that contains a shellcode payload protected by anti-analysis techniques, which are meant to slow human analysts and sandboxes processing this sample. To help speed analysis for this sample and others like it, Read More …
For the past four years, an Italian company has operated a seemingly legitimate website and business, offering to provide binary protection against reverse engineering for Windows applications, but has secretly advertised and provided its service to malware gangs. The company’s Read More …
NetWire is a publicly-available RAT that has been used by criminal organizations and other malicious groups since 2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious spam (malspam). GuLoader is a file downloader that was first discovered Read More …
