~DissectingMalwa.re
Showing posts from Ransomware

Quick revs: Pandora Ransomware - The Box has been open for a while...
  • Marius 'f0wL' Genheimer
  • 16 Mar, 2022

Hey there, I’m finally getting around to introducing the new post category “Quick revs”, which will feature short write-ups of various malware …

Between a rock and a hard place - Exploring Mount Locker Ransomware
  • Marius 'f0wL' Genheimer
  • 23 Dec, 2020

Hey there, long time no blog post :D It’s not like I haven’t been doing any research the last couple of months, but between the whole Covid-19 …

The Blame Game - About False Flags and overwritten MBRs
  • Marius 'f0wL' Genheimer
  • 13 Apr, 2020

Let’s start right off with a short introduction: The malware analyzed here is a so-called MBR (Master Boot Record) Locker. It is targeting (like most …

Why would you even bother?! - JavaLocker
  • Marius 'f0wL' Genheimer
  • 18 Mar, 2020

Hey there, yeah it has been a while. I’ve been quite busy with university stuff for the past weeks, so I’m trying to get back into the …

The Opposite of Fileless Malware - NodeJS Ransomware
  • Marius 'f0wL' Genheimer
  • 23 Jan, 2020

This is not the first time that someone built a ransomware strain with NodeJS (check out this article about Ransom32 and let’s not forget about …

Not so nice after all - Afrodita Ransomware
  • Marius 'f0wL' Genheimer
  • 09 Jan, 2020

This strain was first discovered by Korben Dallas on Twitter on the 9th of January. As I already mentioned, the malware is delivered via a …

Setting up a Malware Exchange for 36C3 with Viper
  • Marius 'f0wL' Genheimer
  • 25 Dec, 2019

After checking the projects and self-organized Sessions I couldn’t find anything related to Malware Research or a place to discuss reverse engineering …

Another one for the collection - Mespinoza (Pysa) Ransomware
  • Marius 'f0wL' Genheimer
  • 14 Dec, 2019

Fun Fact: The extension “pysa” is probably derived from the Zanzibari coin with the same name. Apparently it’s quite popular with collectors. …

A B C, easy as один, два, три - Lockbit (ABCD) Ransomware
  • Marius 'f0wL' Genheimer
  • 05 Dec, 2019

I got this sample from one of the victims posting in the Bleeping Computer Forum thread. From what I gather their systems fell to yet another RDP …

God save the Queen [...] 'cause Ransom is money - SaveTheQueen Encryptor
  • Marius 'f0wL' Genheimer
  • 02 Dec, 2019

Honestly I couldn’t decide between the title above and “All crimes are paid”, but Sex Pistols fans will get it regardless ¯\_(ツ)_/¯ I found this sample …

Try not to stare - MedusaLocker at a glance
  • Marius 'f0wL' Genheimer
  • 05 Nov, 2019

Mystic but also a new(-ish) threat: Medusa ransomware. Let’s take a quick peek, but don’t look too close or you may need to fetch backups soon. A …

TFW Ransomware is only your side hustle...
  • Marius 'f0wL' Genheimer
  • 31 Jul, 2019

...and you constantly have to apply for jobs. A partial analysis of the “GermanWiper” Ransomware / Wiper. Today someone posted about a Ransomware …

2019-2021 Marius ‘f0wL’ Genheimer