UnpacMe Weekly: It's Raining Redline This week we've observed a substantial increase in Redline Stealer submissions. A large number of these are utilizing a hash-busted packer.
UnpacMe Weekly: New variants of in2al5dp3in4er and StrelaStealer We have identified new variants of in2al5dp3in4er (invalid printer) packer being used to distribute Aurora Stealer and Vidar Stealer. These variants were observed to have low AV detection rates.
UnpacMe Weekly: New Version of IcedId Loader This week we've updated coverage for IcedId and an IcedId fork based on a newly observed version.
UnpacMe Weekly: Search Everything This week we've introduced the ability to search for samples using ASCII, wide, and hex-encoded strings. Quickly find related samples, and test pattern uniqueness without running a full YARA scan.
UnpacMe Weekly: Large file with Zip Archive Support and Family Updates We have increased the size of submissions from 20MB to 100MB and have added support for zip archives which contain a single executable (PE) file.
UnpacMe Weekly Last week with the revival of Emotet spam campaigns we observed a spike in Emotet submissions as the developers continue to use their hash-busting technique.
UnpacMe Weekly: Extractor Updates This week, we have updated malware configuration extractors for Remcos & DbatLoader, and added a new extractor for the first stage of PureCrypter.
UnpacMe Weekly: Extractor Updates This week we have updated several malware configuration extractors including Azorult, AsyncRat, LummaStealer and Remcos.
UnpacMe Weekly: Extractor Updates This week we've updated several malware configuration extractors including Qakbot, Snake Keylogger, Raccoon Stealer, Icarus Stealer, and ISFB.
UnpacMe Weekly: Maintenance & Extractor Updates This week we have updated several malware config extractors including SmokeLoader, XLoader and VidarStealer.