We have added support for the Microsoft Office ActiveMime format. This format can be used to encapsulate Office documents and hide their contents during analysis. You can download the package from Cerbero Store.
Cerbero Suite 7 Release
🚀 Big News! We’re thrilled to announce the launch of Cerbero Suite 7 and Cerbero Engine 4. In this post we’ll dive into the arsenal of enhanced features, refined interfaces, and cutting-edge capabilities designed to provide unparalleled insights into the most enigmatic malware threats.
🔍 What’s New in 7.0?
- Unified Editions: We have simplified our offering by unifying the editions of Cerbero Suite, thereby removing the distinction between the Standard and Advanced editions.
- Simplified Renewal Process: From the inception of version 7’s life-cycle, every license purchased will be valid for 1 year, irrespective of the purchase date, and will encompass updates to any major new versions within that year-long period.
- New Features: A fast text view with syntax highlighting, optimized for previewing large files, and a new interface to display file system structures are just two of the features we’ve added.
- Redesigned UI: Navigate through a more intuitive, responsive, and streamlined user interface, enhancing your analytical workflows.
- Python Workspace: Use our improved Python Workspace to edit your scripts with the help of auto-completion.
- Cerbero Store: A refined interface to navigate and install packages.
🛡️ Stay Up-To-Date Against Threats
Through the packages offered on Cerbero Store, we remain committed to delivering the fastest updates to counter the latest threats.
📰 Cerbero Journal Reader
Beginning with this release of Cerbero Suite, our customers will enjoy 3-month early access to Cerbero Journal, our company’s e-zine.
💵 Launch Promotion
Secure your copy within the first 14 days and enjoy an exclusive launch discount!
Cerbero Journal Issue 3
The 3rd issue of Cerbero Journal, our company e-zine, is out!
In this issue we discuss the many packages we have released in the past 6 months for both commercial and personal licenses of Cerbero Suite: 26 pages of news, articles, tutorials, challenges and games. Moreover, to celebrate the summer season we have included an IT crossword puzzle!
Cerbero Suite 6.5 and Cerbero Engine 3.5 are out!
We have released Cerbero Suite 6.5 and Cerbero Engine 3.5. What follows is a list of the most important new features.
Continue reading “Cerbero Suite 6.5 and Cerbero Engine 3.5 are out!”
HybridAnalysis Intelligence Package
We have released the HybridAnalysis Intelligence package for all commercial licenses of Cerbero Suite Advanced. Once the package is installed, you can search malware samples on the Hybrid Analysis cloud.
Obfuscated Batch Scripts in OneNote Document
This malicious OneNote document contains two obfuscated batch scripts, and we’ll be using our commercial Simple Batch Emulator package to understand what they do.
SHA256: 46149F56028829246628FFAFC58DF81A4B0FF1C87ED6466492E25AD2F23C0A13
Continue reading “Obfuscated Batch Scripts in OneNote Document”
Extreme PowerShell Obfuscation
We recently stumbled upon an old article by Daisuke Mutaguchi explaining an extreme technique for PowerShell obfuscation. The article is in Japanese, so you may have to use Google Translate.
Here’s the final example provided by the author of the article:
${;}=+$();${=}=${;};${+}=++${;};${@}=++${;};${.}=++${;};${[}=++${;}; ${]}=++${;};${(}=++${;};${)}=++${;};${&}=++${;};${|}=++${;}; ${"}="["+"$(@{})"[${)}]+"$(@{})"["${+}${|}"]+"$(@{})"["${@}${=}"]+"$?"[${+}]+"]"; ${;}="".("$(@{})"["${+}${[}"]+"$(@{})"["${+}${(}"]+"$(@{})"[${=}]+"$(@{})"[${[}]+"$?"[${+}]+"$(@{})"[${.}]); ${;}="$(@{})"["${+}${[}"]+"$(@{})"[${[}]+"${;}"["${@}${)}"]; "${"}${.}${[}+${"}${)}${@}+${"}${+}${=}${+}+${"}${+}${=}${&}+${"}${+}${=}${&}+${"}${+}${+}${+}+${"}${[}${[}+${"}${.}${@}+${"}${+}${+}${|}+${"}${+}${+}${+}+${"}${+}${+}${[}+${"}${+}${=}${&}+${"}${+}${=}${=}+${"}${.}${.}+${"}${.}${[}|${;}"|&${;};
Yes, this is valid PowerShell.
Although there are limits to static deobfuscation, we decided to see what can be done about this with the new release of our PowerShell Beautifier package.
CRX Format Package
We have released the “CRX Format” package for all licenses of Cerbero Suite Standard and Advanced. This package provides support for the Chrome extension format.
The package also allows downloading Chrome extensions by their public URL.
Chrome extensions can be downloaded either from the main window or from the analysis workspace action.
PList Format Package
PowerShell Malware with x64 Shellcode
This malware gives us a chance to see the recently introduced Silicon Shellcode Emulator in action.
SHA256: 8CF1E49C74FB05DE954A6B70281F47E3CBD021108B0EE11F4A59667FF28BFEE9