When investigating a specific malware campaign (e.g. one with certain regional flavors), the group of seemingly different samples involved may be large, but the actual infrastructure dropping the next-stage malware usually is not. If you have a large database of recent malware, our new context/similarity search makes it a lot easier to quickly assess the scope of a campaign and download its network connections in bulk. That data can then be used to cross-reference against your corporate network traffic and/or to update your firewalls and other defenses.
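As an added example (not code from the original post or from Hybrid Analysis), the cross-reference step above in Python: a bulk export of network connections from a cluster of similar samples is indexed by endpoint, matched against proxy log lines, and the endpoints shared by several samples are turned into a deny list. The CSV export layout, the proxy log format and all hosts, IPs and sample hashes are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed stand-in for a bulk export of network connections observed
# across similar samples (the real export format is an assumption here).
BULK_EXPORT_CSV = """sample_sha256,host,port
SAMPLE_HASH_PLACEHOLDER_1,dropper.example.net,443
SAMPLE_HASH_PLACEHOLDER_1,203.0.113.10,80
SAMPLE_HASH_PLACEHOLDER_2,dropper.example.net,443
SAMPLE_HASH_PLACEHOLDER_3,203.0.113.10,80
SAMPLE_HASH_PLACEHOLDER_3,cdn.example.org,443
"""

# Constructed proxy log lines: timestamp, client IP, destination host, port.
PROXY_LOG = """2017-03-01T09:12:01Z 10.1.4.22 dropper.example.net 443
2017-03-01T09:12:07Z 10.1.4.22 www.example.com 443
2017-03-01T09:15:44Z 10.1.7.9 203.0.113.10 80
2017-03-01T09:16:02Z 10.1.9.3 cdn.example.org 443
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def build_indicator_index(export_csv):
    """Map each (host, port) to the set of samples that contacted it.
    Endpoints shared by many seemingly different samples are the
    strongest pivot, so the per-endpoint sample set is kept."""
    index = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_csv)):
        index[(row["host"], int(row["port"]))].add(row["sample_sha256"])
    return index


def cross_reference(proxy_log, index):
    """Return proxy log entries whose destination matches an indicator,
    with the number of samples sharing that endpoint as a priority score."""
    hits = []
    for line in proxy_log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        ts, client, host, port = m.groups()
        key = (host, int(port))
        if key in index:
            hits.append({"time": ts, "client": client, "host": host,
                         "port": int(port), "samples": len(index[key])})
    return hits


def firewall_block_list(index, min_samples=2):
    """Endpoints seen in at least min_samples samples, as a sorted deny list."""
    return sorted(f"{h}:{p}" for (h, p), s in index.items()
                  if len(s) >= min_samples)
```

Hits with a high `samples` count point at shared dropper infrastructure and deserve triage first; single-sample endpoints may be benign services the sample happened to contact.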
Let us start with a recent financial malware campaign that was imitating a financial group (note: to follow the steps, please log in with your user account): https://www.hybrid-analysis.com/sample/e1b31fa2c0fb0744d449042298003c4d5471b86445267c8b953eccf58ab3cfae?environmentId=100
The more malware you share with the community at either https://www.hybrid-analysis.com/ or https://www.reverse.it/, the better we will be able to give relevant data back to the community. If you have any feature requests, comments or recommendations, drop us a line at [email protected] or https://twitter.com/payloadsecurity