Category: Code
2018-09-18 Emotet maldocs labeled as “Invoices”
Looking through the email filters on the 18th of September, I managed to find a small batch of Emotet emails from the same sender. The emails themselves tried to spoof email addresses, but Outlook ended up displaying both emails (the spoof and the true sender). Looking through the small…
Deobfuscating an Emotet MalDoc Script
2017-08-28 Malspam Leads To Emotet Malware
2017-08-04 Quick Post – Deobfuscating the Javascript from “Blank Slate” malspam Pushing Gryphon Ransomware (A BTCware variant)
Just a quick one for today. I saw Brad’s tweet about a sample of Blank Slate malspam and decided to see if I could find some today while at work. Thankfully the email filters did their job and all of them were blocked. Brad also blogged about this over on…
2017-05-31 Cleaned Up Script from Jaff Ransomware
2017-05-19 Deobfuscating Malicious Javascript
Just a quick post for today’s blog. Once again went digging through some emails looking for some badness and came across an email that had a zipped Javascript file in it. Seeing this I thought that I would take a crack at trying to deobfuscate the script. I’ll post later…
2017-05-03 Smokeloader/Dofoil malware from Malspam
Walk through of a VBS script