Cutwail: Malware With a Crash Reporting Feature

The Cutwail spam component is part of the PushDo botnet. Recently I was analysing Cutwail and came across an interesting patch reporting functionality in Cutwail.

It starts by fixing the IAT (Import Address Table) to correct the corresponding addresses. This is done because this component of Pushdo is loaded and executed through the process tunnelling / RunPE method.

 