Loki-Bot, a stealer-type malware, communicates via Windows’ TCP Protocol, storing encrypted endpoints for reliability. Its targets include Crypto Wallets, User Config, and Authentication Files, while ensuring persistence through the CurrentVer...
The Formbook malware is a stealer/loader-type malware that was first discovered in 2016. It operates as Malware as a Service (MaaS), meaning low-level threat actors can simply buy the malware and use it.
The RomCom malware is a backdoor that uses multiple communication protocols, including ICMP, TCP, and WinHttp. This versatile approach allows the malware to establish connections with its Command and Control (C2) s...
Since April 2023, a new information-stealing malware, known as Mystic Stealer, has been actively promoted on Russian hacking forums. The malware is available for purchase at the price of $150 per month or $390 per quarter.
Lockbit is a ransomware tool provided to affiliates by the Lockbit Gang. Its purpose is to cripple a victim's network by encrypting its systems, compelling the victim to either pay the ransom or restore from a backup, resulting in an outage of unknown duration.
On the 4th of November, I wrote an analysis on Redline stealer. Looking back at the analysis now, it was very under-developed, mainly due to my lack of experience within the malware analysis sector. This blog will mainly be a revamp of the pre...
Arkei Stealer, first sighted in May 2018, can retrieve system data, browser data, and crypto-wallet credentials, which are then exfiltrated to the threat actor's listening post.
This was my analysis of the WannaCry ransomware, which I performed while I was studying in the TCM malware analysis lab.