Recovering custom hashes for the Petya/Notpetya malware

During our malware analysis, we often come across samples that contain (custom) hashes in stead of cleartext. Hashing is done in an effort to bypass detection and hinder malware analysts. There are tools to recover cleartext from known hashing methods (like John the Ripper and hashcat). But for custom hashing methods, you'll have to write … Continue reading Recovering custom hashes for the Petya/Notpetya malware

Wcry ransomware – Additional analysis

Introduction Since May 12, a large number of organisations has fallen victim to the "wcry" (or "Wanacry") ransomware, which abuses the SMB exploits / vulnerabilities that were famously released in the Shadow Brokers data dump in April 2017. Our aim in this short blog post is not to repeat existing information, but communicate some additional … Continue reading Wcry ransomware – Additional analysis