Author Archives: Ali Paşa Turhan

Quick Analysis of SSLoad Malware Infection Chain

SSLoad is a malware family classified as an advanced persistent threat (APT) and is primarily used for cyber espionage. This sophisticated malware stands out due to its modular structure and complex attack techniques. It typically infiltrates target systems through phishing … Read More

Analysis of Agent Tesla: Malicious Excel File

Agent Tesla first emerged in 2014 and has since undergone numerous updates, continuously evolving to evade detection and enhance its capabilities. Initially, it was a relatively simple keylogger and information stealer. However, over the years, it has transformed into a … Read More

Analysis of Lnk Based Obfuscated AutoIt Malware

The analysis process of a lnk-based malware is generally based on static and AutoIt deobfuscation. To examine the important fields of the lnk file where the infection chain first starts, let’s look at its headers and commands. There is a … Read More

How to Use DOCGuard

DOCGuard is a mail security tool with advanced features. It provides fast and effective analysis of malicious files, keeping users safe from cyber threats. Its structure-based analysis capability offers a speed advantage over other sandbox and analysis tools, so it … Read More

Microsoft Compiled HTML Help (.chm) Using In Spearphishing Attack

CHM, or Microsoft Compiled HTML Help, is a proprietary format for online help files used in Windows applications. Microsoft introduced it as a successor to the earlier HLP (WinHelp) format. CHM files are commonly used to provide software application documentation, … Read More

A Quick Analysis of Vjw0rm

Vjw0rm is a javascript-based worm. It keeps coming up with different AV bypass mechanisms day by day, and according to our research, Vjw0rm was first seen in 2020-2021. Vjw0rm can perform operations with different commands. It communicates with the C2 … Read More

The New AV Bypass Technique: Embedded Malicious Word in PDF File

Attackers can create files with a PDF signature by manipulating the file structure to bypass AVs. An MHT file created in Word and containing macros is embedded in a PDF file. Then, when this file is recognized as a PDF, … Read More

Deep Dive: Analysis of Shell Link (.lnk) Files

.lnk files, commonly known as shortcuts, allow a specific application to run. Usually, users can safely access these files on their computers and run them correctly. However, malicious actors have the potential to use these files to trick users into … Read More

Unraveling Obfuscated Macros in Office Files:A Step-by-Step Guide

Phishing attacks are one of the most common security threats in the digital world today. In recent years, there has been a trend of malicious actors using Office files to make their targets more sophisticated. Office files are files that … Read More