LNK HTA Polyglot

  • 2018-11-12
  • Alwin Peppels
A little while ago, we came across an interesting attack vector using a polyglot LNK/HTA delivery mechanism. We were interested to see how it would fare under Cuckoo, so we built one and ran it through the analysis.

Hatching Blog

Analysis on Locky dropper mechanisms

  • 2018-10-29
  • Jordan Zwan
This analysis aims to identify common code structures and methods typically used in various droppers associated with Locky ransomware. It is based on a sample set of 2631 JavaScript samples identified as dropper scripts delivering Locky. The results are illustrated through the analysis of three samples.

Hatching Blog

IQY malspam campaign

  • 2018-10-15
  • Alwin Peppels
Analysis of a malspam campaign leveraging .IQY (Excel Web Query) files containing a Dynamic Data Exchange query to achieve code execution through native Excel functionality.

Hatching Blog

  • Hooking VBScript execution in Cuckoo

    2018-10-03 Internal English

  • Cuckoo Sandbox 2.0.6 pentest

    2018-09-18 Internal English

  • PolySwarm Kickstarts Platform with First Arbiter Based on Cuckoo Sandbox

    2018-02-26 External English

  • Tackling the growing threat of the ‘Internet of Things’

    2018-02-16 External Dutch

  • Province of Zuid-Holland supports innovative malware research

    2018-02-07 External Dutch

  • Using a Free Online Malware Analysis Sandbox to Dig Into Malicious Code

    2017-08-28 External English

  • Cuckoo Sandbox vs. Reality

    2014-11-11 External English

  • Automating Malware Analysis with Cuckoo Sandbox

    2014-04-29 External English