AnyRun | Breaking Cybersecurity News | The Hacker News

Nowadays, more malware developers are using unconventional programming languages to bypass advanced detection systems. The Node.js malware Lu0Bot is a testament to this trend. By targeting a platform-agnostic runtime environment common in modern web apps and employing multi-layer obfuscation, Lu0Bot is a serious threat to organizations and individuals. Although currently, the malware has low activity, the attackers are likely waiting for the right moment to strike.  To be prepared for any future scenario, a team of analysts conducted an in-depth technical analysis of one of the recent samples of Lu0Bot and  published an article  documenting their process. Here's an overview of their research. Static analysis of the Lu0Bot sample  The  sample  under investigation used an SFX packer, a self-extracting archive that can be opened with any archive utility. Its contents were explored individually. Archive contents 1. BAT-file The content of the BAT file The first line in the

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.  Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power.  The analyst team at  ANY.RUN  came across the newest version of the malware and could not refuse the opportunity of taking it apart to examine XWorm mechanics configurations. Here is how they did it and what they found.  The XWorm sample's source  The sample in question was discovered in ANY. RUN's database of malware, a repository containing detailed analysis reports on all files and links that have been uploaded by users of the sandbox in public mode.  A quick look at the results of the analysis revealed that the sample was initially distributed via MediaFire, a file-hosting service. The malware was packaged in a RAR archive and p

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a  sandbox-as-a-service , and a recommended list of tools for a comprehensive setup. What is a malware analysis lab? In essence, a malware analysis lab provides a safe, isolated space for examining malware. The setup can range from a straightforward virtual machine using VirtualBox to a more intricate network of interconnected machines and actual networking hardware. But in this article, we'll look at building a lab tailored for static analysis, so what we will need is a secure environment where we can run disassemblers, edit binary files and debug. There are a couple of ways we can go about creating it: 1 — Virtualization Perhaps the simplest way to create a secure and isolated environment is by using a virtual machine.

Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid these circumstances and detect unknown malicious behavior efficiently.  Challenges of new threats' detection While known malware families are more predictable and can be detected more easily, unknown threats can take on a variety of forms, causing a bunch of challenges for their detection: Malware developers use polymorphism, which enables them to modify the malicious code to generate unique variants of the same malware.  There is malware that is still not identified and doesn't have any rulesets for detection. Some threats can be Fully UnDetectable (FUD) for some time and challenge perimeter security.  The code is often encrypted, making it difficult to detect by signature-based

Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million credentials. This article will give a quick guide to the latest info stealer's version. What is Raccoon infostealer V2? Raccoon Stealer  is a kind of malware that steals various data from an infected computer. It's quite a basic malware, but hackers have made Raccoon popular with excellent service and simple navigation.  In 2019, Raccoon infostealer was one of the most discussed malware. In exchange for $75 per week and $200 per month, cybercriminals sold this simple but versatile info stealer as a MaaS. The malware was successful in attacking a number of systems. In March 2022, however, threat authors ceased to operate.  An updated version of this malware was r

Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service. Why do you need a malware sandbox?  A sandbox allows detecting cyber threats and analyzing them safely. All information remains secure, and a suspicious file can't access the system. You can monitor malware processes, identify their patterns and investigate behavior. Before setting up a sandbox, you should have a clear goal of what you want to achieve through the lab.  There are two ways how to organize your working space for analysis: Custom sandbox.  Made from scratch by an analyst on their own, specifically for their needs. A turnkey solution.  A versatile service with a range of configurations to meet yo

One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story.  But the malware never ceased to surprise.  November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues in the industry were among the first to notice the emergence of Emotet's malicious documents. First Emotet malicious documents And this February, we can see a very active wave with crooks running numerous attacks, hitting the top in the rankings. If you are interested in this topic or researching malware, you can make use of the special help of  ANY.RUN , the interactive sandbox for the detection and analysis of cyber threats. Let's look at the new version's changes that this disruptive malware brought this time.  Emotet history Emotet is a sophisticated, constantly