Blog
The latest from Swascan: news, stories and events from the company and the Cyber world.
Temu: Android analysis
Temu is a new e-commerce application, available for Windows, Android and iOS, which allows the purchase of various products at very low prices. Several concerns and fears about data security and user privacy emerged after the publication of the analysis prepared by GlizzlyReports
DISCOVER MORE
VenomRAT Darknet: malware analysis
In the present analysis a malware sample of VenomRAT obtained from a Darknet forum, which only allows the download of source code and compiled samples if there is a reaction to the post by a user.
DISCOVER MORE
XWorm Darknet: malware analysis
In the present analysis, a malware sample XWorm obtained from a Darknet forum was considered, which only allows the download of source code and compiled samples if there is a reaction to the post by a user.
DISCOVER MORE
Powrprof.dll library: malware analysis
In this analysis, the library powrprof.dll was taken in consideration, which is identified by OSINT sources mainly due to heuristic and behavioural detections and machine learning algorithm
DISCOVER MORE
Cactus Ransomware: malware analysis
Important elements of the analysis: Introduction Cactus Ransomware is a new threat, first identified in March 2023, with some special characteristics. It is distributed in compromised infrastructures mainly using certain Fortinet VPN vulnerabilities as an attack vector, allowing unauthorized access. The main feature of this ransomware is the auto-encryption, so the encryption of the ransomware […]
DISCOVER MORE
Journey into Raccoon’s lair
Raccoon Infostealer was born in April 2019 as a Malware As a Service (MaaS), immediately establishing itself as one of the most widespread and efficient malware infostealers around; a malicious software that infects computers and steals personal information, including e-mail addresses, identification numbers, bank account information, and cryptocurrency information. The most common methods used by […]
DISCOVER MORE
Security Advisory: MicroFocus Filr Appliance 3.0 build 4670 (Exposed LDAP Credential)
Swascan Offensive Security Team has identified Information Disclosure vulnerabilities on the digital assets of MicroFocus Filr Appliance 3.0 (build 4670). The vulnerability was identified during a Penetration Test activity on a customer that exposes the Filr application. Having the administrator credentials available we were able to view, in one of the responses, the LDAP configuration […]
DISCOVER MORE
Qakbot; Black Basta ransomware delivery
Qakbot, also known as Qbot, is a banking malware and infostealer that primarily spreads through phishing emails and exploit kits. It was first discovered in 2008 and has since been a significant problem for organizations and users globally. Qakbot is designed to infect Windows operating systems and take control of computers and corporate networks. Once […]
DISCOVER MORE
Security Advisory: Dolibarr 17.0.0 PHP Code Injection (CVE-2023-30253)
Swascan Offensive Security Team has identified a vulnerability on Dolibarr 17.0.0. The vulnerability can be tracked with id CVE-2023-30253. The vulnerability has been fixed in Dolibarr 17.0.1. Product description Dolibarr ERP & CRM is a modular software of business management which adapts to the size of the company (SME, Large companies, Frelancers or associations). Technical […]
DISCOVER MORE
LockBit MacOS Malware Analysis
Important elements of the analysis: Introduction In the present analysis, a sample of LockBit (macOS variant) with hash abf01633960dd77c6137175a21fccf34 was considered. The artifact is developed in C++ and compiled with macOS SDK 11.3.0 with ARM architecture. Below is a detail of the hexadecimal code of the entrypoint address 10000b0d4: Malware assessment By examining the assembly […]
DISCOVER MORE
