Managed Defense analysts were the first one to analyse a variant of Quasar RAT specific to threat group APT10 (Red Apollo), a Chinese cyber-espionage group.

Agent Telsa is a spyware, keylogger and information stealer Trojan written in C# that has been active since 2014 as a MaaS (Malware as a Service). Commonly distributed via emails, the attacker intends to lure the victim into opening the attachment.

DarkCrystal RAT analysis made by a beginner, performing static analysis in order to gain a deeper understanding on how this malware operates.

The biggest enemy of a virus writer are scanner products that are the most popular of current antivirus software. Generic AV solutions, such as inteegrity checking and behaviour blocking, never managed to apparoch the popularity of antivirus scanner.

Memory resident viruses often use a tunneling technique to get around behaviour blocker systems. Resident tunneling viruses attempt to be the first on a call chain of interrupts, installing themselves in front of other resident applications, to call interrupts directly at the entry point of their original handler.

Direct-action viruses load with the host program into computer memory. Upon getting control, they look for new objects to infect by searching for new files. This is exactly why one of the most common kinds of computer virus is the direct-action infector and it can be crafted with relative ease by the attacker on a variety of platforms. They only infect a couple of files upon execution, but some viruses infect everything at once by enumerating all directories for victims.

The first known successful computer viruses were boot sector viruses; they are rarely used nowadays but are interesting since they can infect any computer by taking advantage of the boot process of personal computers. Because most computers do not contain an operating system in their ROM, they need to load the system from somewhere else, such as from a disk or from the network.

To analyse any malware, we need to understand its theory, how malware are built and where do they get executed. In this chapter, we'll take a look at different environments that a malware can get executed or spread to different systems.

Static analysis is the process of analysing a malicious code without executing it. In this chapter, we will see different techniques when approaching our initial phase of analysis where we'll simply gather general information about what the malware could do and guess it's behaviour.

Introduction to malware analysis, some foundations and terminologies. We'll also take a look at what static and dynamic analysis.