Analysis of Hancitor – When Boring Begets Beacon

Author: Brandon George

What is Hancitor? Hancitor is a well-known malware loader that has been observed delivering FickerStealer, Sendsafe, and Cobalt Strike Beacon if the victim targeting conditions are met. In recent months, more threat intelligence has been gathered as to what the attackers’ goals are when Hancitor is used to deliver Cobalt Strike Beacon […]


In late February, while tracking a malicious spam campaign from the Qakbot distributor “TR,” Binary Defense’s analysts identified a new version of IcedID being delivered through malicious Word and Excel files. The updated IcedID has a new first stage loading mechanism, which we’ve dubbed “gziploader,” along with new encryption algorithms for hiding its configuration and […]

What is YARA? Get to know this malware research tool

Written By: Stephan Simon

The official GitHub repository for YARA describes it as “a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.” YARA allows anyone to create “descriptions” known as rules based on text or binary patterns. Although it can be used to detect patterns for any […]

Cybercriminals Using Coronavirus Scare to Spread Malware

With all the news around COVID-19/Coronavirus, the average person is turning to the internet for real-time advice and updates about the pandemic. With the increase in web traffic, cybercriminals are taking advantage of the scare to catch people with their guard down. By creating emails and websites that mirror, and in some cases function like, […]

Emotet Wi-Fi Spreader Upgraded

This is an update to an earlier article regarding the emerging cyberthreat of the Emotet Wi-Fi Spreader.

Executive Summary

Binary Defense analysts previously discovered a stand-alone program for spreading Emotet infections over Wi-Fi networks. Although the spreader had been recently delivered by Emotet command and control (C2) servers, the program itself had not been changed for at […]