Virtual Machine Introspection in Malware Analysis

This article illustrates how Virtual Machine Introspection (VMI) can be applied to malware analysis, with a focus on Windows targets. All malware analyses posted on our blog are produced with a dynamic analysis system built on Virtual Machine Introspection. In general, the term introspection refers to the observation and examination of …

SAFE Olympic Malware

Pyeongchang Olympic Games Targeted Cyber-attack

A cyber-attack targeting the Pyeongchang 2018 Olympic Games was recently discovered. The Guardian reported technical issues before the opening ceremony: “Reporters at the Pyeongchang Olympic Stadium noticed that the internet wifi stopped working shortly before the ceremony while the televisions and wifi at the main press centre also stopped. Pyeongchang 2018 was also forced to …

SAFE - BadRabbit Ransomware analysis

BadRabbit Ransomware analysis

BadRabbit is ransomware used in a cyberattack that targeted eastern Europe and Russia in October 2017. The name Bad Rabbit comes from the ransom payment site, where it appears. Just like NotPetya, BadRabbit uses the EternalRomance exploit to spread across networks and brute-forces access to other computers using a built-in list of default credentials.

BadRabbit Execution Flow …
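The credential brute-forcing described above leaves a characteristic trace on the victims: a burst of failed logons (Windows Security event 4625) from one source host against several targets and account names, often followed by a successful logon (4624) once a default credential matches. The following is an added detection example written for this page; it is not code from the blog or from the BadRabbit analysis. The log lines are constructed, and the one-line `EventID=... Source=... Target=... Account=...` export format is an assumption chosen to keep the example self-contained.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real telemetry). One export-style line per
# Windows Security event: 4625 = failed logon, 4624 = successful logon.
# Source 10.0.0.17 behaves like a worm trying a default credential list;
# source 10.0.0.42 is a user who mistyped a password once.
SAMPLE_LOG = """\
2017-10-24T13:05:01 EventID=4625 Source=10.0.0.17 Target=WS-03 Account=Administrator
2017-10-24T13:05:01 EventID=4625 Source=10.0.0.17 Target=WS-03 Account=Admin
2017-10-24T13:05:02 EventID=4625 Source=10.0.0.17 Target=WS-03 Account=Guest
2017-10-24T13:05:02 EventID=4625 Source=10.0.0.17 Target=WS-03 Account=User
2017-10-24T13:05:03 EventID=4625 Source=10.0.0.17 Target=WS-04 Account=Administrator
2017-10-24T13:05:03 EventID=4625 Source=10.0.0.17 Target=WS-04 Account=root
2017-10-24T13:05:04 EventID=4625 Source=10.0.0.17 Target=WS-04 Account=backup
2017-10-24T13:05:05 EventID=4624 Source=10.0.0.17 Target=WS-04 Account=backup
2017-10-24T13:06:10 EventID=4625 Source=10.0.0.42 Target=WS-09 Account=jsmith
2017-10-24T13:07:55 EventID=4624 Source=10.0.0.42 Target=WS-09 Account=jsmith
2017-10-24T13:40:00 EventID=4625 Source=10.0.0.17 Target=WS-11 Account=Administrator
"""

# Assumed export format (hypothetical); adapt the regex to your SIEM's field names.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Source=(?P<src>\S+) "
    r"Target=(?P<dst>\S+) Account=(?P<acct>\S+)$"
)


def parse_events(text):
    """Parse the export lines into dicts; silently skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "eid": int(d["eid"]),
            "src": d["src"],
            "dst": d["dst"],
            "acct": d["acct"],
        })
    return events


def find_spraying_sources(events, window=timedelta(minutes=5),
                          min_failures=5, min_accounts=3):
    """Return {source: summary} for every source host that, within `window`,
    produced at least `min_failures` failed logons spanning at least
    `min_accounts` distinct account names (a credential-list sweep rather than
    a user retyping one password). Successful logons from the same source
    between the start of the burst and `window` after its end are reported as
    the hosts that likely accepted a default credential."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    hits = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["eid"] == 4625]
        # Sliding window anchored at each failure; report the first burst found.
        for i, start in enumerate(fails):
            in_win = [e for e in fails[i:] if e["ts"] - start["ts"] <= window]
            accounts = {e["acct"] for e in in_win}
            if len(in_win) >= min_failures and len(accounts) >= min_accounts:
                end = in_win[-1]["ts"]
                successes = [
                    (e["dst"], e["acct"]) for e in evs
                    if e["eid"] == 4624 and start["ts"] <= e["ts"] <= end + window
                ]
                hits[src] = {
                    "failures": len(in_win),
                    "accounts": sorted(accounts),
                    "targets": sorted({e["dst"] for e in in_win}),
                    "successes": successes,
                }
                break
    return hits


if __name__ == "__main__":
    for src, info in find_spraying_sources(parse_events(SAMPLE_LOG)).items():
        print(src, info)
```

On the constructed sample only 10.0.0.17 is flagged (seven failures across six account names against two hosts, then a success as `backup` on WS-04); the single failure from 10.0.0.42 is ignored. Note the caveat: this only catches the credential-guessing leg of the propagation. The EternalRomance (or EternalBlue) exploit leg authenticates nothing and produces no 4625 events, so it has to be covered by patching MS17-010 and by watching SMB traffic rather than logon events.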

NotPetya Ransomware analysis

NotPetya is ransomware that behaves as a wiper, used in a cyberattack that targeted Ukraine on 27 June 2017. Like WannaCry, it can spread using the EternalBlue exploit. In addition, it implements other lateral-movement techniques (reuse of stolen credentials through remote execution) to compromise Windows hosts on the same network even when they are patched against MS17-010. By …

WannaCry Ransomware analysis

WannaCry, also known as WanaCrypt or Wanacrypt0r 2.0, is ransomware used in a worldwide cyberattack that started on 12 May 2017. The malware spreads over the internet using the EternalBlue exploit; thanks to this exploit, more than 300k computers were infected in over 150 countries. EternalBlue is an exploit that uses …