Malware Research

02 Oct 2024 22:23

does anyone have any sample of this rootkit? (snapekit)
https://x.com/GenThreatLabs/status/1841482299558215698

Malware Research

02 Oct 2024 21:15

Has anyone seen or heard about threat actor targetting a security researcher because they published a piece about their activities?

Malware Research

02 Oct 2024 10:37

Anyone know Is it possible to download this sample?
https://www.virustotal.com/gui/file/c8c5d2e0d2a29417c4a89c55c4a0e452b948b1429418eda84be725774504a35c/detection

Malware Research

01 Oct 2024 21:38

Hello Rakesh, welcome to the Malware Research group! Please read the pinned message before you post!

Malware Research

28 Sep 2024 20:57

Blog post alert!

This one is about portable executable process injection (T1055.002) as implemented in BugSleep backdoor loader (attributed to MuddyWater). This is an old technique, but I go over why the implementation in the loader is buggy and easily blocked by EDRs.

I think people getting into malware analysis can use this information to learn not only the process injection technique, but also how not to take malware code at face value and to keep an eye out for bugs.

Blog link: https://nikhilh-20.github.io/blog/inject_bugsleep/

Malware Research

28 Sep 2024 13:18

You can check this fork. It features additional commits that you also might want to examine if you don't trust changes by others than the original author.
https://github.com/digitalsleuth/UnAutoIt

However, if you want to rebuild the binaries yourself, you'll realize the libautoit package is needed. Also, you might have to edit go.mod and some other files. I found a surviving fork with version 1.2.8, dated May 25, 2021.
https://github.com/CrackerCat/libautoit

I used this tool sometime ago and I faced a few bugs. For example, the dump directory is created with wrong permissions on Linux, and the option to set the chunk length to split long literal strings is called "strlit-max" in the help and "max-strsz" in the parser.

Malware Research

28 Sep 2024 11:46

hint: search Github (log in to Github and search the codes), Google, Bing

Malware Research

28 Sep 2024 10:11

User Dhiraj has 1/3 warnings; be careful!
Reason:
add context to links

Malware Research

28 Sep 2024 00:49

ah thank you, this is the actual sample i was referring to, if this helps

Malware Research

27 Sep 2024 22:11

sorry was that response for me?

Malware Research

27 Sep 2024 20:26

https://x.com/RandomDhiraj/status/1839717748970021027

Malware Research

27 Sep 2024 17:33

https://malcat.fr/blog/lnk-forensic-and-config-extraction-of-a-cobalt-strike-beacon/

might still be there, but you likely will need to tinker around till you get it (example in the above link)

Malware Research

27 Sep 2024 17:14

Checked the .data section, couldnt really find something

Malware Research

27 Sep 2024 17:12

Guys is it necessary that the config in a cobalt strike beacon is present on the .data section?

Malware Research

26 Sep 2024 17:54

Hello @httpredsec, welcome to the Malware Research group! Please read the pinned message before you post!

Malware Research

02 Oct 2024 21:16

Follow-up do you think that it would be better to publish research under a pseudonym or just initials to avoid such situations?

Malware Research

02 Oct 2024 15:56

Hello JARVIS, welcome to the Malware Research group! Please read the pinned message before you post!

Malware Research

02 Oct 2024 03:28

Eu estou transmitindo ao vivo! Venha ver! https://k.kwai.com/l/ZKCi0OZd

Malware Research

01 Oct 2024 05:13

https://github.com/capstone-engine/capstone/releases/tag/6.0.0-Alpha1

Malware Research

28 Sep 2024 17:07

I'm trying to install the CAPEv2 sandbox, but I'm encountering some confusion or lack of understanding regarding some configuration descriptions used in conf/processing.conf, specifically about the on_demand setting. Does anyone know about this setting and the impact of setting it to on or off?

Malware Research

28 Sep 2024 12:07

the hash is different though, you really sure it's the same sample?

Malware Research

28 Sep 2024 10:17

Does anyone have the tool from this GitHub repository: ?I've tried searching for it on the Wayback Machine but couldn't download it. Maybe someone has it. If you do, could I please ask for it? Thank you.

https://github.com/x0r19x91/UnAutoIt/

Malware Research

28 Sep 2024 09:41

Sorry, I only have a free account, so I can't download samples there

Malware Research

28 Sep 2024 00:49

https://koodous.com/apks/6c13658a81921f658f660a0f670eb61e9459d8105c1a72910a6bc8abd7795c65/general-information

Malware Research

27 Sep 2024 20:35

New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: V O I D
User ID: 6809771801
Reason: selling exploits

Malware Research

27 Sep 2024 19:35

hi everyone, "7ff02fb46009fc96c139c48c28fb61904cc3de60482663631272396c6c6c32ec" sample request, thank you in advance

Malware Research

27 Sep 2024 17:15

Any help would be appreciated

Malware Research

27 Sep 2024 17:14

So I found a beacon, and ran some bunch of extractors on the sample turns out they fail on extracting but the detections and memory dump has traces of cobalt strike beacon based artefacts

Malware Research

27 Sep 2024 03:38

Hello @savi_hash, welcome to the Malware Research group! Please read the pinned message before you post!

Malware Research

26 Sep 2024 07:20

Hello @Kanaguthara, welcome to the Malware Research group! Please read the pinned message before you post!