I recently took a closer look at Retefe because they seem to have abandoned the short-lived "SmokeLoader" phase and moved back to "socat.exe" and the Tor network. The original delivery method is mail spam carrying an Office document (either a .docx or .xlsx attachment) with an embedded OLE object (the malicious .exe file). If the victim […]
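The delivery described above (a docx/xlsx carrying the payload as an embedded OLE object) is easy to triage without opening the document: an Office Open XML file is a zip, and embedded objects live under word/embeddings/ or xl/embeddings/ as OLE2 compound files. The script below is an added example, not code from the original post or from any Retefe analysis tooling; it constructs a sample docx-like archive in memory (labelled as constructed) and flags embeddings that start with the OLE2 magic and contain a PE header. The "MZ" plus DOS-stub heuristic is an assumption that the packaged executable has the usual MS linker stub; a packer or a non-PE payload would not trip it.

```python
import io
import zipfile

# Magic number of an OLE2 / Compound File Binary container. Office Open XML
# stores embedded (packager) objects in this format.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Where Word and Excel keep embedded objects inside the zip.
EMBEDDING_DIRS = ("word/embeddings/", "xl/embeddings/")
# Heuristic PE marker: most Windows executables carry this DOS stub string.
DOS_STUB = b"This program cannot be run in DOS mode"


def find_embedded_objects(doc_bytes: bytes):
    """Return [(member name, is_ole, looks_like_pe)] for every embedding
    in a .docx/.xlsx given as bytes. looks_like_pe is a heuristic only."""
    results = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for name in zf.namelist():
            if not name.startswith(EMBEDDING_DIRS):
                continue
            data = zf.read(name)
            is_ole = data.startswith(OLE_MAGIC)
            looks_like_pe = b"MZ" in data and DOS_STUB in data
            results.append((name, is_ole, looks_like_pe))
    return results


def build_sample_docx() -> bytes:
    """Constructed sample (not a real malicious document): a minimal
    docx-shaped zip with one OLE embedding that wraps a fake PE image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        # OLE header sector padded to 512 bytes, then the "packaged" file.
        fake_pe = b"MZ" + b"\x00" * 62 + DOS_STUB
        zf.writestr("word/embeddings/oleObject1.bin",
                    OLE_MAGIC + b"\x00" * 504 + fake_pe)
        # A normal media file must not be reported.
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, is_ole, pe in find_embedded_objects(build_sample_docx()):
        print(f"{name}: ole={is_ole} pe_inside={pe}")
```

Run it against a real attachment by passing the file's bytes to find_embedded_objects; any embedding that is both an OLE container and carries a PE image deserves detonation or static unpacking of the packager stream before anyone double-clicks the icon in the document.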
Extracting HTML Body From Firefox Cache
Today I was asked for a copy of a website that had already been nuked before the analysis was completed. No online platform had yet picked up a copy and VirusTotal did not show a hash for the download. Trying to come up with a solution for this problem, I remembered that browsers often keep a […]
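Recovering the page body from a Firefox cache2 entry, as an added example that is not part of the original post or its tooling. It assumes the cache2 on-disk layout as I understand it: each file under cache2/entries holds the response body first, then the metadata (hash chunks, key and headers), with the last four bytes of the file being the big-endian offset at which the metadata starts. The sample entry is constructed inline; the URL in its metadata is a placeholder. Only the body is recovered here; the metadata is not parsed.

```python
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b"


def extract_cache2_body(entry: bytes) -> bytes:
    """Slice the response body out of a cache2 entry file.
    Assumed layout: body | metadata | uint32 big-endian metadata offset."""
    if len(entry) < 4:
        raise ValueError("entry too short to hold a metadata offset")
    (meta_offset,) = struct.unpack(">I", entry[-4:])
    if meta_offset > len(entry) - 4:
        raise ValueError("metadata offset points past end of entry")
    return entry[:meta_offset]


def decode_body(body: bytes) -> bytes:
    """Undo the Content-Encoding most often seen on cached HTML.
    gzip is detected by magic; zlib-wrapped deflate by trial decompression;
    anything else is returned as-is."""
    if body.startswith(GZIP_MAGIC):
        return gzip.decompress(body)
    try:
        return zlib.decompress(body)
    except zlib.error:
        return body


def recover_html(entry: bytes) -> bytes:
    """Full pipeline: cache2 entry bytes -> decoded HTML bytes."""
    return decode_body(extract_cache2_body(entry))


def build_sample_entry(html: bytes) -> bytes:
    """Constructed cache2-style entry: gzip-compressed body, a dummy
    metadata blob with a placeholder key, and the trailing offset."""
    body = gzip.compress(html)
    metadata = b"\x00" * 32 + b":https://example.invalid/index.html\x00"
    return body + metadata + struct.pack(">I", len(body))


if __name__ == "__main__":
    sample = build_sample_entry(b"<html><body>nuked page</body></html>")
    print(recover_html(sample).decode())
```

To use it on a real profile, read one of the files under the profile's cache2/entries directory and pass its bytes to recover_html; brotli-encoded bodies (Content-Encoding: br) are not handled above and would need the third-party brotli module.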