Click me to the moon: counterfeit invoice archive contains JavaScript dropper and leads to host compromise

Introduction During my daily blue-team operations I stumbled across a lightning-fast infection chain, which all started with a suspicious attachment received via e-mail through a compromised supplier address. Since the installed security solution blocked only the first-stage payload, I took charge of the alerts and decided to deep dive and analyze the sample. Analysis The initial access vector is a .zip archive, downloaded from the web, containing the following files:...

October 26, 2023 · 3 min · Me

The dark side of Vimeo: video meta-data contains PowerShell script and leads to host compromise

Introduction During my daily blue-team operations I stumbled across a series of similar infection chains, which all started with an infected thumb drive. Since the installed security solution detected the threat with a generic signature but didn't block it, I took charge of the alerts and decided to deep dive and analyze the sample. Analysis The initial access vector is an infected USB stick, used to transfer files to a copy shop, containing the following files:...

October 10, 2023 · 3 min · Me