McRat Malware Analysis – Part1

In this issue we are going to analyze McRat, a stealer of user data and passwords. This malware is interesting because it uses several anti-debugging techniques and multiple encryption/obfuscation layers to hinder analysis of its code; the analysis is divided into two parts. In the first part we will bypass the […]

Malicious Java Applet Deobfuscation

On Sunday (13th January 2013), I received an email from @it4sec regarding a malicious Java applet that he had received. I decided to write about it, since Java applets seem to be commonly used by exploit kits recently. Recon Stage: since a .jar file is basically a sort of “container”, let’s use […]

An overview of Cythosia DDoS Bot

Cythosia v2 is a DDoS botnet system that was published on black-market forums a while ago; we decided to republish an article originally shared on my private blog. Here at UIC R.E. Academy we strongly believe in sharing knowledge, so we also publish articles that are not fully up to date but could still come in handy or teach […]

Artro Botnet Anatomy Overview

Following the idea of knowledge sharing, here is another article taken from my private blog and shared with our readers. Some time ago, while talking with Roman from abuse.ch, we found it necessary to take a more in-depth look at a very active botnet named Artro (its executable is commonly identified as Win32/Renos or Trojan-Downloader.Win32.CodecPack) […]

DarkComet Analysis – Understanding the Trojan used in Syrian Uprising

On February 17th CNN published an interesting article in which some opponents of the Syrian regime claimed that the government was using a Trojan to monitor and disrupt the protestors’ network. Apparently the regime has been using a well-known social engineering technique: impersonate a trusted person, then attack from the inside. It is not possible to confirm […]

Reverse Dxtory

It’s been a while since the reversing of .NET applications began. I still remember the first tutorials on the subject and the first targets for which changing a few bytes with a hex editor was enough to fully remove the restrictions. So much has changed: developers of both software and protections have made the reversing process […]

RootSmart Android Malware Analysis

Android’s increasing popularity, combined with the possibility of creating alternative markets, makes this platform fertile ground for malware authors. While most of these applications simply exploit the inexperience of the average user looking for free software, others are quite clever and use more sophisticated techniques to take, and keep, control of the […]

Debugging Deadlocks on Android

Deadlocks are well known to be difficult to debug, especially when you’re dealing with a large amount of concurrent code. Fortunately, on Android we have some tools that are very useful for detecting where a deadlock is happening. Debugging Deadlocks: at some point in your developer life you’ll end up dealing with deadlocks at least a […]

Shylock via volatility

Shylock is a new financial malware, publicly reported for the first time on 7 September 2011. Additional information can be found in Mila’s blog post: http://contagiodump.blogspot.com/2011/09/sept-21-greedy-shylock-financial.html. Tools: Volatility, MHL Malware Plugins, Timeliner, RegistryApi, evtlogs plugins. Essay – Memory Acquisition: the first step is memory acquisition, which can be accomplished in essentially two ways, depending on […]

Morto Malware Analysis

Today we’re going to analyze Morto.A, a malware which, in recent weeks, has been spreading across many parts of the Internet. It’s a worm that allows unauthorized access to an infected computer and tries to compromise administrator passwords for Remote Desktop connections over the RDP protocol on a network. This threat infects computers by targeting accounts that have […]