Found 35 bookmarks
Custom sorting
LockBit Ransomware v4.0
LockBit Ransomware v4.0
Malware Analysis Report - LockBit Ransomware v4.0 In this blog post, I’m going over my analysis for the latest variant of LockBit ransomware - version 4.0. Throughout this blog, I’ll walk through all the malicious functionalities discovered, complete with explanations and IDA screenshots to show my reverse engineering process step by step. This new version of LockBit 4.0 implements a hybrid-cryptography approach, combining Curve25519 with XChaCha20 for its file encryption scheme. This version shares similarities with the older LockBit Green variant that is derived from Conti ransomware. While the multi-threading architecture seems more streamlined than previous versions, it still delivers an encryption speed that outpaces most other ransomware families. As always, LockBit is still my most favorite malware to look at, and I certainly enjoyed doing a deep dive to understand how this version works.
#chuongdong#EN#2025#Malware#Analysis#Report#LockBit#LockBit4.0#ransomware
·chuongdong.com·
LockBit Ransomware v4.0
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources. However, with its widespread adoption and open environment comes the risk of malicious activity. Android malware, a malicious software designed to target Android devices, poses a significant threat to users’ privacy, security, and data integrity. These malicious programs come in various forms, including viruses, Trojans, ransomware, spyware, and adware, and they can infiltrate devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even system vulnerabilities.
#checkpoint#EN#2024#Rafel#RAT#Android#Malware#Ransomware#Operations
·research.checkpoint.com·
Rafel RAT, Android Malware from Espionage to Ransomware Operations
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
#talosintelligence#EN#2023#MortalKombat#ransomware#Laplas#Clipper#malware#threats
·blog.talosintelligence.com·
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
#talosintelligence#EN#2023#MortalKombat#ransomware#Laplas#Clipper#malware#threats
·blog.talosintelligence.com·
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign