Analysis of packed variation of Agent Tesla

In December 2020, one of our tLab system clients, the Center for the Development of Human Resources JSC, received malicious software on their corporate email. Antivirus software did not detect the malware at the static, signature level, but the tLab system detected it at the behavioral and heuristic levels. The examination results revealed it was a zero-day threat. The date of creation of the sample matches the day of its discovery.

07.01.2021

AveMaria/WARZONE RAT Analysis

On 13 October 2020, a massive attack on Kazakhstan citizens caused by AveMaria malware was reported. The trojan is used by cybercriminals to remotely access the victim’s computer and obtain sensitive data. AveMaria has many variations with different malicious payloads.

09.12.2020

Analysis of Rising Sun backdoor from APT Lazarus in the tLab system

In December 2018, McAfee released a report on a large malware campaign targeting the financial, energy, and other sectors of the economy, called Operation Sharpshooter. The North Korean APT group Lazarus is responsible for the numerous attacks.

16.10.2020

WannaCry cryptoworm analysis in tLab system

On May 12, 2017, a mass attack by the WannaCry encrypting virus, aimed at almost all versions of MS Windows, took place. As a result of the attack, more than 75,000 computers were infected around the world, including in countries such as the UK, Spain, Germany, and Russia. In addition, computers in large companies in Kazakhstan were officially among the victims of the attack.

13.05.2017

New cyber attack trend - "Spy in the browser" (malicious Google Chrome extension)

This article was prepared by a team of malware analysts of the company T&T Security, T&T Team RE {Arny, Cyberhunter, Griner}. In 2014, Google for the first time removed malicious Chrome browser extensions from their online store. Since then, the creation of malicious applications and extensions for Chrome has been on the rise.

08.05.2016