PropertyBomb – An Old-New Technique for Arbitrary Code Execution in VBA Macro

A few days ago, BitDam’s Deep Immunization (DI) Engine detected a malicious file with an interesting behaviour, which we suspect was designed to bypass common dynamic analysis solutions. The file uses a VBA macro in order to run a binary-level shellcode, used to download and execute a second-stage payload. The file was found in the […]


Banker In The Bunker

Detected New Advanced Threat Alert by BitDam – Technical Analysis. By: Roy Rashti (Cyber Security Expert) & Leon Berlin (Security Researcher). BitDam’s engine detected an interesting file called “Request.doc” at one of our customers. The file, with SHA1 ebe28e25e2e976120afb0a687fc19618fcf9003d, was not present in VirusTotal or on any other site at the time we detected it. […]


Sandboxes Are Not Foolproof

Sandboxing cyber security solutions are predicated on opening files in a ‘controlled environment’ while monitoring the file’s actions – API calls, file access, network – to characterize its behavior and determine whether it is malicious. With their rising popularity, attackers have developed sandbox evasion techniques ranging from simple ‘sleep’ modes to avoid scan detection to more sophisticated evasions […]


GandCrab – The new Ransomware on the block

A few days ago, I was examining files that we’ve detected at one of our customers. I encountered an interesting PDF (SHA1 – d75e3d2c235bf1e52cca16f597fe05fcfce89ad6) which is the dropper and installer of the new version of GandCrab Ransomware. A lot has been said about ransomware, dozens of solutions claim to protect against it, and yet we encounter […]


What’s the story behind Spectre?

In January, a severe hardware flaw was discovered in Intel’s microprocessors (named “Meltdown”). An additional vulnerability, named “Spectre”, which is much more severe and challenges the design of modern CPUs, has also been discovered. These are vulnerabilities in computer hardware, not software, and they affect virtually all high-end microprocessors produced over the last 20 […]


© 2018 BitDam Ltd.