Monitoring Zeus P2P and Dyreza with malware lofts

Many malicious binaries use a command and control server centralised on a dedicated domain, which is simple to operate but likely to be shut down by specialised companies like Lexsi or LEAs. Malware authors have been using decentralised network infrastructures for a few […]

Ibanking: when malware bypasses the Facebook OTP

Introduction Ibanking is a banking malware for the Android platform. Its features are similar to those of other banking malware: SMS and call forwarding and interception, identity theft, etc. This malware has impacted multiple banks in Europe since 2014. […]

QEMU + GDB + PE imports

QEMU implements a GDB server, making it possible to attach to the operating system from outside the virtual machine via the debugger's target remote command. When analysing Windows malware, this method is useful for bypassing any anti-debug technique, but […]