UnpacMe Weekly: Malware Analysis at Scale!

Highlights

  • Increased Quotas for all accounts!
  • New Boosted plan offers API access and increased quotas for non-commercial use.
  • All commercial accounts can now upload private submissions.
  • API access to our Yara validation and hunting services as well as binary search.
  • Goodware Yara scanning and testing.

Last month was somewhat of a milestone for us at UnpacMe as we onboarded our 10,000th user! We wanted to take this opportunity to extend a big thank you to all of our supporters, independent analysts, organizations, and partners. With your help we are now able to offer increased submission quotas for all accounts, including free Public users!

Public

Free Public accounts now have access to the following monthly quotas for our services.

  • 50 Public analysis submissions
  • 10 Yara hunt searches with a Lookback Window of 12 weeks
  • 50 Search queries (including binary search) with a Lookback Window of 12 weeks
  • 25 Sample downloads

Boosted

Our new Boosted plan provisions Public accounts with API access allowing automated use of our services for non-commercial purposes. The plan also provides the following boosted monthly quotas for our services.

  • 100 Public analysis submissions
  • 20 Yara hunt searches with a Lookback Window of 12 weeks
  • 100 Search queries (including binary search) with a Lookback Window of 12 weeks
  • 50 Sample downloads
  • API access for automation

Researcher

Researchers now have access to Private submissions and the following increased monthly quotas for our services.

  • 50 Private analysis submissions
  • 200 Public analysis submissions
  • 25 Yara hunt searches with a Lookback Window of 26 weeks
  • 1,000 Search queries (including binary search) with an unlimited Lookback Window
  • 2,500 Sample downloads
  • API access for automation

PRO

Pro accounts now have access to the following monthly quotas for our services.

  • 250 Private analysis submissions
  • 500 Public analysis submissions
  • 50 Yara hunt searches with a Lookback Window of 26 weeks
  • 10,000 Search queries (including binary search) with an unlimited Lookback Window
  • 5,000 Sample downloads
  • API access for automation

Automation

For automation accounts we now offer 1,000 Private submissions and 5,000 Public submissions! And for high volume Enterprise access we offer dedicated endpoints. Drop us an email and say hi for customized plans.

Yara Goodware Scanning

With the release of UnpacMe v7.3 we also provide the ability to test your Yara rules against our Goodware corpus to ensure you don't have any false positives! This is available to all accounts, just flip the switch at the top of the Yara Hunt page!

Goodware Yara Scanning

Yara Automation with API Access

Along with the latest UnpacMe release we have updated our API with access to our Yara services, and Search. The following Yara services are now available for integration with your automation tools.

Weekly Threat Hunting

This week we are seeing a similar trend to previous weeks with Downloaders and Information Stealers being the top submitted threat types. Redline Stealer continues to be the most submitted malware family across all threat types, followed by Amadey and AgentTesla.

We continue to see submissions of DJVU/Stop Ransomware samples, although at a decreased rate from previous weeks. As previously reported, these samples continue to include embedded payload URLs within the configuration which link to Vidar Stealer and Clipboard Hijacker payloads. We are still unsure why there has been a sudden increase in DJVU/Stop Ransomware submissions over the past couple of weeks. We will continue to track these samples and hope to have more information to share as we build our understanding of the campaign.

Last Week's Top User Submitted Threats

As always, if you have any feedback or issues please let us know.

Happy Hunting!