malwareresearch | Unsorted

Telegram channel malwareresearch - Malware Research

Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033

Malware Research

Good morning here. Please could you tell me how to fix the malware Expiro win32 and win64?

Malware Research

User HackBos has 1/3 warnings; be careful!
Reason:
English only

Malware Research

https://www.youtube.com/watch?v=PVG4e2dNfm0

Malware Research

Ok, I'll keep investigating, thanks for your time.

Malware Research

Do you have links where this family is defined somewhere? Pony doesn't ring a bell for me.

Malware Research

From what I saw it seems to be a pony.exe family.

Malware Research

And you know, something that catches my attention is that the file itself is called Chrome.pif but it seems like a direct access, and when I open it with dnSpy it has another name.

Malware Research

Why do you think that it is obfuscated?

Malware Research

You can try using DIE or de4dot to identify what obfuscation it is and then work from there.

Malware Research

Hello Everyone,

I’m excited to share a new video where I demonstrate AI-powered threat hunting using the Garuda Framework—a tool I developed for manual threat hunting, leveraging rich endpoint telemetry from Sysmon.

In this video, you’ll see how Garuda, when integrated with a large language model (LLM), can automatically identify threats, showcasing the power of combining structured telemetry with AI for autonomous threat detection.

Watch Here: https://youtu.be/Sk_c5w1CEiY

Garuda will be officially released at DEF CON 2025. If you’re curious about how AI can extend manual threat hunting or want a first look at Garuda in action, I’d love for you to check out the video.

Malware Research

Hello everyone. Does anyone have any idea how to perform a test to understand what an application writes to memory?
The context: I need to intercept data that the application passes in 3 ways:
1) localhost
2) shared memory
3) http to other servers
What interests me is via shared memory, but I have no idea how to do it. Does anyone have any hints to guide me? On the machine I have Procmon and Process Hacker. Do I need Frida?
The machines are in a lab, but I don't want to get the machine too dirty because there are other tests going on.

Malware Research

User Zachura en has 2/3 warnings; be careful!
Reason:
don't spam

Malware Research

Hello Lorenzo, please make sure to read the rules. Welcome!

Malware Research

The victim downloads an unlocker that has the privkey; that privkey can decrypt all the keys that decrypt all their files.

Malware Research

Hello Profound, welcome to the Malware Research group! Please read the pinned message before you post!

Malware Research

New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: HackBos
User ID: 2053535532
Reason: illegal activity

Malware Research

I explain a bit about the FPU stack.

Malware Research

Haven't seen or heard about Pony since I last took a SANS course quite some years ago...

But I don't mind being surprised about it.

Although from the code, I'm not inclined to think it's Pony; more likely one of the more common infostealer families out there, as per what Libra has mentioned.

Malware Research

I agree with Libra. This seems to be a loader for the next stage. Additionally, the rsrc section has high entropy.

As for the code from the screenshot, it looks like junk instructions are added in between. You should be able to debug this sample in order to get the next stage.

Malware Research

The code above main is doing some process killing of unwanted processes; the code is all in a single class, so I'm assuming this is a loader for a next stage.

Malware Research

The .pif file feels like it's the CypherIT loader, followed by some generic malware probably. Since it's .NET, it's either another loader or the final payload. Guessing it's SnakeKeylogger due to its prevalence; could also be Lumma given the frequency.

Malware Research

Because when I open it with dnSpy I see it like this...

Malware Research

Hello, first of all, thank you for taking the time to respond :) Well, with de4dot it indicates that it's uncoded and...

Malware Research

Hi! Sorry to bother you, do you have any advice for someone starting out with malware analysis? Specifically, I'm having a problem with a .pif file, but I doubt it's due to the .net entries. I opened it with dnSpy, and to my "surprise," it's obfuscated. I tried using de4dot, but I couldn't de-obfuscate it. Anyone? Any ideas? A lifesaver? Hehe - as always, I apologize, I don't speak English.

Malware Research

New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Zorko
User ID: 7721845900
Reason: no paid ads, you got warned multiple times in different groups

Malware Research

Okay, I will not spam. Respect.

Malware Research

Okay, can I talk to Rose?

Malware Research

But they use a different priv-key for each "customer", or they should.

Malware Research

How does decryption happen, sir, after the ransom is paid?

Malware Research

Hello Profound, welcome to the Malware Research group! Please read the pinned message before you post!
