Posted Updated Malware Analysis11 minutes read (About 1665 words)

Analyzing the Windows LNK file attack method

Recently a friend of mine shared an interesting Malicious sample, it was a Microsoft shortcut file (LNK file) which after clicking(execution) lead to infection, although I was not aware of this type of attack vector before doing a basic research on google I was surprised that there is an increase in this type of attacks since 2017. In this post we will Analysis the LNK file malware and uncover how attacker uses multiple layers of obfuscation to evade AV and finally dropping malicious binary, we will also look into how to de-obfuscate each layer and understand what the code is doing.

Read more
Posted Updated Malware Analysis14 minutes read (About 2137 words)

Unpacking Grey Energy malware (Service Application DLL)

Recently I stumbled upon malware sample which was part of Grey Energy malware campaign targeting Ukraine energy infrastructure. I ran the hash of the file on virutotal and many of the antiviruses tagged it Grey Energy and I tried to do a little more internet research but didn’t find and analysis on it. As there was no post on this sample so I decided to write one.
In the post you will learn the following:

  1. How to debug Windows Service Application DLL
  2. Learn how to use a EBFE debugging technique
  3. Unpacking a DLL binary
  4. How to dump an unpacked in-memory executable

File hash : 15a6f734ca79efc027000dd12f4d3870ccc9f604517b0e700c05b961659308d1

Read more
Posted Updated Malware Analysis25 minutes read (About 3757 words)

Gandcrab v5.0.3 detail analysis of javascript delivery payload

Recently a friend of mine shared with me a Javascript file which on execution resulted in machine been infected by GandCrab ransomeware. Initial through was that it must be the Javascript implementation of ransomeware, but assumption tuned out to be wrong, the code was actually heavily obfuscated and it dropped the actual GandCrab binary (v5.0.3) which did the encryption. The Javascript code did lots of other technology like using Powershell script and ActiveXObject in order to evade detection.

Read more
Posted Updated Malware Analysis19 minutes read (About 2817 words)

Reversing Bushido IOT botnet by ZullSec

Yet another Linux Botnet sample by the name of Bushido by a group called 0ffsecurity, but this time things are little interesting, the bad actor is not just interested in using compromised IOT device as DOS attack surface but also using compromised web servers. In this post, we will examine how a small infection shell script which leads to the unravelling of dozens of malware. Solving this case also uncovered the hacker group behind this malware.

Read more
Follow

Categories

Tags

ACS7121
Arduino5
Bare-Metal1
CTF14
Chat Bots2
Classification1
Data Wrangling3
Dev1
Dropper1
ESP82662
Editor1
Emacs1
Exploitation2
GandCrab1
Grey Energy1
Heap Exploitation4
Kernel Debugging1
Linux16
Linux Malware3
Malware Analysis3
Python5
ROP1
Regression1
Reverse Engineering1
Visualization1
WarGames5
Windows Malware3
Windows Reversing1
glibc1
javascript obfuscation1
pwnable13
pwnable-kr7
pwnable-tw6
radare24

Recents

Archives

Your browser is out-of-date!

Update your browser to view this website correctly.&npsb;Update my browser now

×

×