Threat Research

    In December 2024, we identified a multi-stage attack chain used to deliver malware such as Agent Tesla variants, Remcos RAT, and XLoader. Attackers are increasingly adopting layered delivery tactics to bypass detection tools and traditional sandboxes. The phishing campaign we examined disguised itself as an order release request, delivering a malicious attachment....
    This article explores obfuscation techniques in popular malware families and highlights opportunities for automating the unpacking process. We analyze observed samples, demonstrating how to extract configuration parameters by unpacking each stage. Automating this process would enable sandboxes performing static analysis to retrieve critical malware configuration data....
    "Technical Analysis of Xloader Versions 6 and 7 | Part 2" examines the advanced obfuscation techniques used by Xloader versions 6 and 7 to conceal critical code and data. The malware continues to employ hardcoded decoy lists to blend malicious C2 traffic with legitimate website traffic. These decoy lists and the actual C2 server are encrypted using separate keys and algorithms....