James Quinn

James has been programming since he was 12 but didn’t become interested in Cybersecurity until around 16. He’s now finishing his 3rd semester for a Cybersecurity associate’s degree. In James’ free time, he analyzes malware dropped on his dionaea honeypot and would consider himself an amateur photographer.

October 29, 2018 | James Quinn

MadoMiner Part 2 - Mask

This is a guest post by independent security researcher James Quinn. If you have not yet read the first part of the MadoMiner analysis, please do so now. This analysis will pick up where Part 1 left off, while also including a brief correction. The x64 version of the Install module was…

September 24, 2018 | James Quinn

MadoMiner Part 1 - Install

2018 seems to be a time for highly profitable cryptominers that spread over SMB file-shares. Following my analysis on ZombieBoy in July, I found a new malware sample that I’m calling MadoMiner. With the help of Chris Doman, I was able to analyze it to discover that it uses techniques similar to ZombieBoy, because it hijacks Zombieboy…

July 18, 2018 | James Quinn

ZombieBoy

This is a guest post by independent security researcher James Quinn. Continuing the 2018 trend of cryptomining malware, I’ve found another family of mining malware similar to the “massminer” discovered in early May. I’m calling this family ZombieBoy since it uses a tool called ZombieBoyTools to drop the first dll. ZombieBoy, like MassMiner, is…
