In late February, while tracking a malicious spam campaign from the Qakbot distributor “TR,” Binary Defense’s analysts identified a new version of IcedID being delivered through malicious Word and Excel files. The updated IcedID has a new first stage loading mechanism, which we’ve dubbed “gziploader,” along with new encryption algorithms for hiding its configuration and […]

Qakbot Upgrades to Stealthier Persistence Method

Qakbot is a versatile banking trojan that until recently, focused primarily on theft of personal information and passwords.  However, following the trend toward ransomware set by Trickbot and other botnet malware families, Qakbot has recently shifted its goals to deliver post compromise attack platforms such as Cobalt Strike Beacon, with the final objective of loading […]

EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense

By: James Quinn Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us. However, it’s important to keep in mind that malware is software that can also have flaws. Just as attackers can exploit flaws in legitimate software to cause harm, defenders […]