The popular malware researcher Marco Ramilli has analyzed a malware that remained under the radar for more than two years.
[Figure: AntiVirus Coverage]
[Figure: Stage 1: JAR invoking JavaScript]
[Figure: Stage 2: evaluated JavaScript (obfuscated)]
[Figure: Stage 2: Manually deobfuscated JavaScript]
[Figure: Python script to decode the AES key]
The script takes the following parameters:
- ClassName
- Resource (the package in which the class is contextualized)
- Bytes to be decrypted
- Secret key
- Byte length to be decrypted
[Figure: Stage 3: Decrypted Java class]
[Figure: Final stage: VBS run files]
[Figure: Final dropped files (_RandomDec and plugins)]
[Figure: Detection timeline (VirusTotal)]
Further details on the malware, including the IoCs, are reported in the original analysis published by Marco Ramilli:
https://marcoramilli.blogspot.com/2018/08/interesting-hidden-threat-since-years.html
About the author: Marco Ramilli, Founder of Yoroi
I am a computer security scientist with an intensive hacking background. I do have a MD in computer engineering and a PhD on computer security from University of Bologna. During my PhD program I worked for US Government (@ National Institute of Standards and Technology, Security Division) where I did intensive research in malware evasion techniques and penetration testing of electronic voting systems.
I do have experience on security testing since I have been performing penetration testing on several US electronic voting systems. I've also been charged with testing the uVote voting system from the Italian Minister of homeland security. I met Palantir Technologies where I was introduced to the Intelligence Ecosystem. I decided to amplify my cyber security experiences by diving into SCADA security issues with some of the biggest industrial agglomerates in Italy. I finally decided to found Yoroi: an innovative Managed Cyber Security Service Provider developing some of the most amazing cyber security defence centers I've ever experienced! Now I technically lead Yoroi defending our customers strongly believing in: Defence Belongs To Humans
Edited by Pierluigi Paganini
(Security Affairs – malware)