Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: D
User ID: 910579401
Reason: illegal activity
I'm half guessing that. The other half is just malicious intent, haha
I already know, even I have done reverse engineering also
User M3nd;1x has 1/3 warnings; be careful!
Reason:
don't spam
ee3d776cdaf82335e4293e19ee313cc35eee49cde9963b96766a8f9c89d44a79
cea1d85967d2c456fccecae3a70ff2adfe4c113aacf9d18c35906c2ed24ca9b4
SHA256:7adffc1c0b3fdcba46e8d0a81203c955976d4ef39893c98d0b2dbfbb8d6a8ec3
hash_sha256 = "A635F0C94C98B658AE799978994F0D0A292567CD97B8A19068A8423D1297652A"
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Catherine Leong
User ID: 7675314716
Reason: scam
Yeah, makes sense, just a small wrapper fix. Once you tweak SIGINT it should work fine
Got it, that sounds like an input handling issue in the wrapper. You might be able to remap Ctrl+C properly or hook the interrupt signal so it behaves as expected
It works just like it would using two Windows VMs to debug, but I should test the network a little bit more
Have you tested it across different Windows builds or kernel versions? Also curious if there are any edge cases under heavy debugging sessions, like breakpoints during high network activity
Still, it's better to delete that:
1. to prevent accidentally firing up EDR for whoever has auto-download on
2. Telegram moderation is doing a shitty job these days; groups very frequently get deleted in the name of malware spreading
I think it's a variant of the sample you just shared above
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Yaromir
User ID: 6121758906
Reason: illegal activity
requesting sample 7719965bbfdbfdc59ac140fb0fe215f02d253603939f52a8d17a5530e61c942c, related to this article: https://medium.com/@singhbkn07/inside-the-fake-rto-challan-checker-how-i-uncovered-a-sophisticated-android-spyware-targeting-8f2da6a9a5a0
New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: Alexie
User ID: 8292284010
Reason: haxor
e4c9f3bb4a65c640795bfc1a56c0b56485b849ccd97027eed7ad9aa78a732a4f
4d8ac85c5b98c69ba44146df61183e9bf613edd796aa516c3ae73611b7d77c06
ecd5ed16975d556d1d17bc980f248f8a5262bed11df9d9cf999efd9c273c11df
Hello guys, I am a master's student preparing to conduct research in the direction of malware, but I don't have a good idea. Does anyone have good ideas?
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Bryan Liew
User ID: 7722102010
Reason: scam
Yeah I know, it sends SIGINT so I should work on the wrapper a little bit, but I didn't have much time because of work etc. I will work on it soon
The only problem I know of is you can't use Ctrl+C to break, but you can use Ctrl+F; it is an issue with the wrapper
Honestly I tested it on Windows 11, not any other, but good idea, I should test it more
In case anyone needs it, I could make kd work under Wine with KDNET support to kernel debug Windows. After I tested it, I couldn't find any issue; it works flawlessly for now. If anyone needs it, y'all can check it out. BTW, if y'all don't want to use the patched DLL, you can see instructions on what to patch so you can do it yourself too. https://github.com/basicacc/kd-linux