Technical Analysis of DearCry Ransomware

Note: This is a technical deep-dive into DearCry ransomware. If you want a preliminary analysis of the ransomware, you can find it here. The Network Intelligence team began with a static analysis of the ransomware sample we received, using PEstudio, a tool that helps with the static analysis of executable files. Static Analysis […]

DearCry Makes Organisations Cry

Note: We have also done a technical analysis of DearCry. Read here. It’s a warm summer morning. While sipping your morning coffee, you try to access your work email, but you’re unable to log in. After trying a few tricks you’ve read about in tech blogs, you reach out to your IT team. They remote log-in […]

Malware on Steroids – Part 2: Evading Antivirus in a Simulated Organizational Environment

Recap: In the previous post, we wrote a simple CMD reverse shell over TCP. In a real-life scenario, however, things would be quite different. In this post, we focus on evading antivirus and cover the following topics: creating a simulated environment using Windows Active Directory, DNS, a proxy and a firewall; writing C/C++ code for […]

Reverse Engineering For Beginners – XOR encryption – Windows x64

Prologue: In the previous blog post, we reverse engineered a binary and extracted the password from within it. That binary, however, contained a plaintext password. This was a good starting point for beginners, but you won’t really find such binaries in today’s world. In real life, passwords are mostly obfuscated or encrypted. Most of the […]