Finally, my research on Gracewire and a P2P malware that used the same VFS.

https://blog.codsec.com/posts/malware/gracewire_adventure/

https://github.com/y0ug/gracewire_research/

After so long, compiling my notes and scripts took way more time than expected.

A lot of Python scripts, some @qiling too.

@[email protected] post https://www.msreverseengineering.com/blog/2021/3/2/an-exhaustively-analyzed-idb-for-flawedgrace was a lifesaver, thank you.

#malware #malwareanalysis #threatintel #qiling #gracewire #flawedgrace

GraceWire / FlawedGrace malware adventure

These are some notes about the GraceWire malware that I came across last year during an investigation. Maybe they will help people who are working on it. I've documented the persistence mechanism and the recovery mechanism for the Virtual File System (aka the configuration). The persistence mechanism was well hidden beneath many layers and allowed the malware to be fileless: it changes the ComHandler of an existing Windows scheduled task.
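A practical check for the scheduled-task ComHandler persistence described above, added here as an example and not code from the original post or the linked repository: enumerate every task whose action is a COM handler, resolve the CLSID to the InprocServer32 DLL in each CLSID hive, and report the file's Authenticode status. The registry roots, the output fields and the sort order are my choices; nothing below is taken from GraceWire samples, and the script detects a hijacked handler only indirectly, by surfacing tasks whose CLSID resolves to an unsigned, untrusted, missing or unregistered server.

```powershell
# Added example (not from the original post or the linked repository).
# Lists every scheduled task whose action is a COM handler, resolves the
# CLSID to the DLL the task engine will load, and reports its signature.
# Many built-in Windows tasks legitimately use COM handlers, so compare the
# output with a known-good machine rather than treating every row as bad.

$clsidRoots = @(
    'HKCU:\SOFTWARE\Classes\CLSID',              # per-user registration can shadow the machine one
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'   # 32-bit servers on 64-bit Windows
)

function Get-ComHandlerTasks {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Exec actions are MSFT_TaskExecAction; only COM handler actions matter here
            if ($action.CimClass.CimClassName -ne 'MSFT_TaskComHandlerAction') { continue }

            $clsid    = $action.ClassId
            $resolved = $false
            foreach ($root in $clsidRoots) {
                $key = Join-Path $root "$clsid\InprocServer32"
                if (-not (Test-Path -LiteralPath $key)) { continue }
                $resolved = $true

                $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
                $status = if ($dll -and (Test-Path -LiteralPath $dll)) {
                    (Get-AuthenticodeSignature -FilePath $dll).Status
                } else { 'FileMissing' }

                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    ClassId   = $clsid
                    Hive      = $root
                    Dll       = $dll
                    Signature = $status
                }
            }
            # A CLSID with no InprocServer32 anywhere will not load, but a task
            # pointing at an unknown CLSID is still worth a look.
            if (-not $resolved) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    ClassId   = $clsid
                    Hive      = '(unresolved)'
                    Dll       = $null
                    Signature = 'NoServer'
                }
            }
        }
    }
}

# Rows whose DLL is not validly signed sort to the top of the list.
Get-ComHandlerTasks |
    Sort-Object { $_.Signature -eq 'Valid' }, Task |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that tasks under every folder are returned; a task whose CLSID resolves to a DLL outside the Windows directory, or to a file that is unsigned or no longer on disk, is the row to pivot on. The task XML itself will look unremarkable, which is exactly why the modification is hard to spot without resolving the CLSID.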

I'm trying to get my notes together on Gracewire, so I can post about the VFS it used and the P2P botnet using the same VFS. That was in February this year; not sure if it's still up, I'm trying to ping some old nodes 🀞. #malware #gracewire #p2p #vfs #malwareanalysis #threatintel
Evil Corp Returns With New Malware Infection Tactic - Researchers have observed the cybercrime group back in action, now using a new tactic for distribu... more: https://threatpost.com/evil-corp-returns-with-new-malware-infection-tactic/152430/ #maliciousexceldocument #vulnerabilities #htmlredirector #phishinggroup #websecurity #infostealer #cybercrime #gracewire #microsoft #evilcorp #trojan #hacks #excel
Evil Corp Returns With Ongoing Phishing Campaign

Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware.
