Portcullis is proud to be associated with “Riding For Karl”, a local leukaemia charity from the area where our HQ is based, inspired by a much-loved local man to raise money for a very important cause: fighting leukaemia.
Three people from Portcullis will be cycling ridiculous distances to raise both awareness and cash for Leukaemia and Lymphoma Research in memory of Karl Sandwith, a much loved young man who will be missed by many.
As discussed in part one, there are about 700 different locations where the decryption routine is called, each using different keys and data length parameters. Revealing this hidden data is an important step: it helps us understand the malware's hidden functionality and its aim, giving us an insight into how it undertakes reconnaissance, how it communicates with its controllers and how it accesses information once in place.
The analysis in this article will focus on a maliciously dropped DLL file discovered by the Portcullis CTADS team during an investigation.
The malware's actions depend on the configuration that the dropper applies to the infected system; typically, however, it will create a service to ensure that the malware runs on every system startup.