PepperMalware Research
Analysis of Malicious ElectrumX Servers Source Code
Some months ago, a post on Reddit reported malicious servers on the Electrum network performing phishing attacks against the users of the…
Dec 2, 2019 • PepperMalware
November 2019
Brief analysis of Redaman Banking Malware (v0.6.0.2) Sample
Redaman is a well-known banking malware, discovered around 2015.
Nov 5, 2019 • PepperMalware
July 2019
Analysis of the Frenchy Shellcode
In this post I analyze a shellcode that I have named "Frenchy shellcode" because of the mutex that it creates (depending on the version…
Jul 30, 2019 • PepperMalware
May 2019
Quick Analysis of AgentTesla SMTP Variant Sample (dated 08-05-2019)
In this post I perform a quick analysis of a recent AgentTesla SMTP variant sample, paying special attention to the strings decryptor (most of the…
May 13, 2019 • PepperMalware
April 2019
Analysis of .Net Deucalion IrcBot Sample Obfuscated with ConfuserEx+KoiVM
In this post I perform a quick analysis of a sample that seems to be an ircbot, named alphaircbot (based on the any.run tags) or deucalion (based on the…
Apr 15, 2019 • PepperMalware
March 2019
Analysis of .Net Stealer GrandSteal (2019-03-18)
In this post I share my notes about the analysis of a sample (a stealer written in .Net) whose family is unknown to me (any feedback is welcome, if you…
Mar 23, 2019 • PepperMalware
Analysis of BlackMoon (Banking Trojan)'s Evolution, And The Possibility of a Latest Version Under Development
BlackMoon, also known as KrBanker, is a banking trojan that mainly targets South Korea.
Mar 18, 2019 • PepperMalware
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
This post is not a deep analysis of TrickBot.
Mar 6, 2019 • PepperMalware
January 2019
Analysis of Neutrino Bot Sample (dated 2018-08-27)
In this post I analyze a Neutrino Bot sample.
Jan 2, 2019 • PepperMalware