Portfolio

AVCRYPT Ransomware Technical Analysis


Overview: Here at the Sequretek Malware Analysis lab (SMA-LAB) we observed a new, clever and sophisticated ransomware variant dubbed "AVCRYPT", which attempts to uninstall the security software present on victims' PCs before performing its malicious activities. AVCRYPT was discovered by cyber-security researchers including Lawrence Abrams, MalwareHunterTeam and Michael Gillespie. Technical Analysis […]



Saturn Ransomware


Introduction: Once infected, Saturn ransomware executes commands to disable Windows repair and clear the Windows backup catalog. It encrypts files and adds "Saturn" to their names. The ransomware also leaves a ransom note in each folder containing a link to the payment site. The authors of the newly discovered Saturn ransomware are allowing anyone to […]



Analysis of the Document Exploit Targeting CVE-2017-11826


Zero-Day Exploit (CVE-2017-11826): Memory Corruption Vulnerability

File Details
Filename: cve-2017-11826.doc.bin
Size: 680,268 bytes
MD5: B2AE500B7376044AE92976D9E4B65AF8
SHA1: 7352EA59DCD83C3A72784DC381A7B6B5616C6629
SHA256: CB3429E608144909EF25DF2605C24EC253B10B6E99CBB6657AFA6B92E9F32FB5

Static Analysis, Basic information: The latest Microsoft patch release fixed 62 vulnerabilities, including CVE-2017-11826, a critical zero-day vulnerability used to launch targeted attacks, in all versions of Microsoft Office. To control the memory content at […]



Technical analysis of Bad Rabbit Ransomware


2017 has already seen the huge impact of ransomware outbreaks, namely WannaCry and NotPetya, and as we come close to the end of the year another one adds to the list. Bad Rabbit is so named because the authors gave that name to the page where they demand the ransom along with bitcoin payment details. Early infection reports suggest the […]



Petya or NotPetya? That is the Question


Earlier this week, a new malware with characteristics of both ransomware and a wiper surfaced, resembling Petya, a previous ransomware. Based on our preliminary findings we think this is not a variant of Petya ransomware as publicly reported, but a piece of malware with quite different capabilities and effects. This appears to be a complex attack which involves […]



Analysis of the Exploit Targeting CVE-2017-0262


EPS Processing Zero-Day Exploited

File Details
Filename: 6785e29698444243677300db6a0c519909ae9e620d575e76d9be4862b33ed490.bin
Size: 251,036 bytes
MD5: 2ABE3CC4BFF46455A945D56C27E9FB45
SHA1: 0BD354D1EEA9E4864F4C17E6C22BFDB81D88DDEE
SHA256: 6785E29698444243677300DB6A0C519909AE9E620D575E76D9BE4862B33ED490

Technologies Affected
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack […]



Technical Analysis and Overview of WannaCry Ransomware


Summary: A recent ransomware outbreak termed "WannaCry" differs from the usual, traditional ransomware families. This ransomware possesses worm-like features and uses the EternalBlue exploit, which targets the Microsoft Windows SMB Server vulnerability (MS17-010). It scans for vulnerable computers over the network and then performs the attack rather […]



New propagation mechanism from Mole Ransomware


The group behind the Mole ransomware campaign is, like any other active malware group, continuously working to remain one step ahead of anti-malware organisations and trying to stay evasive and persistent. As we researched earlier and published in our blog, Mole ransomware has been changing its infection mechanisms and binaries, and now there is a […]



New Ransomware Variant: Mole Campaign Using Fake Word Documents


There seems to be a new ransomware in the wild being distributed through spam and an engineered phishing web page posing as a fake online Word document. Distribution techniques used by the attackers are spam emails, malicious URLs, malicious attachments, exploit kits, freeware etc.

[Figures: Spam mail; Rig Exploit Kit traffic. Source: isc.sans.edu]

When a user clicks on the enclosed […]

