en
Get a Demo
Navigation Arrow Left Back
Navigation Close
Get a Demo
Anchor Project For Trickbot Adds ICMP
Crimeware

Anchor Project for Trickbot Adds ICMP
Jason Reaves /

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Read More
Enter The Maze Demystifying An Affiliate Involved In Maze Snow 9
Crimeware

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
Jason Reaves /

SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.

Read More
Breaking EvilQuest Reversing A Custom MacOS Ransomware File Encryption Routine 8
Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine
Jason Reaves /

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Read More
Valak Malware And The Connection To Gozi Loader ConfCrew 1
Crimeware

Valak Malware and the Connection to Gozi Loader ConfCrew
Jason Reaves /

Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.

Read More
Sarwent Malware Continues To Evolve With Updated Command Functions 6
Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions
Jason Reaves /

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Read More
Deep Dive Into TrickBot Executor Module “mexec” Reversing The Dropper Variant 7
Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
Jason Reaves /

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Read More
Deep Dive Into TrickBot Executor Module Mexec Hidden Anchor Bot Nexus Operations 4
Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
Jason Reaves /

New “mexec” module delivers tertiary malware and allows TrickBot to pivot within a network, deploy a variety of payloads and evade common detection methods.

Read More
Breaking TA505s Crypter With An SMT Solver 1
Advanced Persistent Threat

Breaking TA505’s Crypter with an SMT Solver
Jason Reaves /

TA505 threat group use a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT.

Read More
Revealing The Trick A Deep Dive Into TrickLoader Obfuscation 2
Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation
Jason Reaves /

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

Read More