Powrprof.dll library: malware analysis

In this analysis, the library powrprof.dll was taken into consideration; it is flagged by OSINT sources mainly through heuristic and behavioural detections and machine learning algorithms

Cactus Ransomware: malware analysis

Important elements of the analysis: Introduction. Cactus Ransomware is a new threat, first identified in March 2023, with some special characteristics. It is distributed in compromised infrastructures mainly using certain Fortinet VPN vulnerabilities as an attack vector, allowing unauthorized access. The main feature of this ransomware is the auto-encryption, so the encryption of the ransomware […]

Journey into Raccoon’s lair

Raccoon Infostealer was born in April 2019 as a Malware As a Service (MaaS), immediately establishing itself as one of the most widespread and efficient malware infostealers around; a malicious software that infects computers and steals personal information, including e-mail addresses, identification numbers, bank account information, and cryptocurrency information. The most common methods used by […]

Security Advisory: MicroFocus Filr Appliance 3.0 build 4670 (Exposed LDAP Credential)

Swascan Offensive Security Team has identified Information Disclosure vulnerabilities on the digital assets of MicroFocus Filr Appliance 3.0 (build 4670). The vulnerability was identified during a Penetration Test activity on a customer that exposes the Filr application. Having the administrator credentials available we were able to view, in one of the responses, the LDAP configuration […]

Qakbot; Black Basta ransomware delivery

Qakbot, also known as Qbot, is a banking malware and infostealer that primarily spreads through phishing emails and exploit kits. It was first discovered in 2008 and has since been a significant problem for organizations and users globally. Qakbot is designed to infect Windows operating systems and take control of computers and corporate networks. Once […]

Security Advisory: Dolibarr 17.0.0 PHP Code Injection (CVE-2023-30253)

Swascan Offensive Security Team has identified a vulnerability in Dolibarr 17.0.0. The vulnerability is tracked as CVE-2023-30253 and has been fixed in Dolibarr 17.0.1. Product description: Dolibarr ERP & CRM is a modular business management software that adapts to the size of the company (SMEs, large companies, freelancers or associations). Technical […]

LockBit MacOS Malware Analysis

Important elements of the analysis: Introduction. In the present analysis, a sample of LockBit (macOS variant) with hash abf01633960dd77c6137175a21fccf34 was considered. The artifact is developed in C++ and compiled with macOS SDK 11.3.0 for the ARM architecture. Below is a detail of the hexadecimal code at the entrypoint address 10000b0d4. Malware assessment: By examining the assembly […]

Report: Wipers – Hackmageddon’s ultimate weapon

In the present analysis, some of the most widespread Wiper malware was considered. Important elements of the analysis: Recently, a new threat is posing a serious risk to the cybersecurity of companies and administrations around the world: these are “Wiper” malware, which are designed to erase data on infected computer systems, causing irreparable damage to […]

Press release: Tinexta Cyber makes an exponential leap in cybersecurity with Google Cloud’s Chronicle

Milano, April 13th 2023 – Tinexta Cyber (Tinexta Group’s Cyber Business Unit) announced today a partnership with Google Cloud that will make more effective defense systems available on the market to deal with cyber threats. The agreement will allow the companies belonging to Tinexta Group’s cybersecurity unit, namely Corvallis, Swascan, and Yoroi, to access Google […]

Beep Malware: static and dynamic analysis

Important elements of the analysis: Introduction. In the present analysis, a sample of Beep malware with hash ab5dc89a301b5296b29da8dc088b68d72d8b414767faf15bc45f4969c6e0874e was taken into consideration. The threat in question has become rather well known within the security community because it uses multiple advanced anti-VM, anti-debugging, evasion, and anti-analysis techniques. The malware performs the […]
