greetings friends, malware sample request: 7d5b6bcc9b93aedc540e76059ee27841a96acb9ea74a51545dfef18b0fcf5b57, 6fc672288e68146930b86c7a3d490f551c8d7a7e8ba3229d64a6280118095bea, ad9044d9762453e2813be8ab96b9011efb2f42ab72a0cb26d7f98b9bd1d65965. thank you so much!
It is a somewhat modular Trojan. If I remember correctly, the server injects a few DEX modules on first request to implement additional commands for uploading or downloading files on the device, exfiltrating SMS data, getting contact list or enabling the microphone, among other things.
You could check if the "protocol" depicted in these posts still applies. "Packets" are formed by two ASCII-encoded length values (i.e., you see "510" instead of hex 01 FE in a network trace), each one followed by a null byte, and then two gzipped blobs of data (starting with hex 1F 8B) which have the specified lengths. Connection transport should be ordinary TCP over an arbitrary port number.
https://insinuator.net/2022/09/spymax-the-android-rat-and-it-works-like-that/
https://www.stratosphereips.org/blog/2021/2/26/dissecting-a-rat-analysis-of-the-spymax
I often use the Medusa framework (which depends on Frida) to intercept and analyze how the malware app handles encrypted JSON objects sent by a fake C2. Maybe Medusa can intercept other kinds of C2 commands as well. Will look into it later.
I think I can only recall sandboxes having it
as for getting it out, not really sure. the APIs may allow that info to be queried, or not
Any free websites/feeds available where the latest malware is mapped to the MITRE ATT&CK framework along with other attributes like impact, domains/IPs used, etc.?
Can anyone tell me how to hack Android over WAN without ngrok so I can gain access again, using Kali Linux?
Hello, did anyone do a jailbreak of iOS 17.5.1? I need it to take a full filesystem image and then analyze it to see if it's infected or not.
User Anil has 2/3 warnings; be careful!
Reason:
add context to the link and remove tracking
It tries to connect via TCP and sends a heartbeat, but does not establish a full connection with the C2. The main problem is that I can't manage the installed malware in the admin console to perform other activities like opening the file manager or using the camera.
Hi Guys and Girls,
I am a Blue Team professional with 3 years of experience, and I am now looking to start with malware analysis.
Any guidance is appreciated.
Hi all. Has anyone analyzed the SpyMax Android RAT? I'm trying to trick a malicious APK by simulating the C2 in my virtual machine with a reconfigured network. The virus tries to initiate a connection with the server, but does not fully establish it, so it is not possible to reveal the full functionality of the virus.
The main goal is to dump the malicious traffic while the virus is running and reproducing remote actions on the phone. Please advise what I can try?
User Hamed has 1/3 warnings; be careful!
Reason:
read rules and use english for communication
don't update, and wait for about 2 years; then there MIGHT be a jailbreak for that version and device
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Unknown Mr
User ID: 6728884712
Reason: no skids
I haven't been into jailbreaking for a while. Does checkra1n not support every single version? If it's not maintained, I'm sure there is a fork of it which does support iOS 17.x