deda.group
Deha login
  1. Home
  2. /
  3. Blog
  4. /
  5. We dissected the Astaroth...
Security

We dissected the Astaroth malware, here’s what came out!

  There is an insidious malware, known as Astaroth o Guildma, which is increasingly present in the Italian corporate landscape and which, using outdated programming languages, circumvents security controls and steals sensitive information. Two of our colleagues took apart step by step how the malware works, highlighting the levels of sophistication cyber criminals can reach and the techniques used to avoid detection. What can save companies in the face of a targeted attack activity that deploys skills that can change logic in the code of legitimate applications, compromise an operating system’s processes, or even exploit the narrow focus of detection systems on old programming languages? Obviously, there is a need to mediate between costs and benefits: only by balancing automated tools with experienced and passionate analysts with adequate knowledge and skills can targeted and sophisticated threats be detected and responded to more dynamically, analyzing anomalous behavior and suspicious activity preemptively. Those who want to learn more can read the analysis and research work that has been behind the “Let’s tear him to pieces! A brief journey into the world of Malware Analisys“, the speech given by our colleagues on stage at the latest Security Summit in Milan. Detail: the following report takes an in-depth look at the 2024 variant of Astaroth (or “Guildma”), the malware written in the Delphi language that steals information spread since 2017 with phishing campaigns. Its development is based on old programming languages that avoid detection. Our experts, through a “controlled by stageanalysis technique, atomically executed each stage of the malware in order to demonstrate its relative functionality. Through this controlled startup, it was possible to systematically observe and analyze the behavior of the malware in an isolated and controlled manner with the goal of dissecting it and understanding in detail the steps it takes to execute the payload and unearth the techniques it employs to hinder and slow down the analysis process. Here is the article

logo DEDA

Deda Cloud srl – sole shareholder


Legal Office: Viale Fulvio Testi, 280/6- 20126 Milan, Italy
Administrative Office: Via di Spini, 50 – 38121 Trento
VAT, Tax Code and Reg. No.: 11333750963 | Share Capital: EUR 16,521,295.00 fully paid-up

 

SERVICES

Multicloud & Infrastructure
Cybersecurity
Managed Services
Enterprise Managed Platform

INFO

Deha Login
Become a Partner
Work with us
Contact us

CONTACTS

Phone +39 0461 997111
PEC – deda.cloud@legalmail.it
Mail – info@dedagroup.it
DPO – dpo@dedagroup.it

DEDA CLOUD
È UNA SOCIETÀ DI

deda.group logo
Deda Investor Media Careers Blog