Blog post alert!
This one is about a Turla backdoor. It tries to bypass ETW, EventLog and AMSI via well-known techniques: disabling PSEtwLogProvider and patching specific functions' instructions. But some of its patching is buggy. This blog describes the bypass techniques and why some of the function instruction patches are faulty.
Blog link: https://nikhilh-20.github.io/blog/turla_backdoor_defenses_bypass/
Hi guys, does anyone have the following samples?
D330F1945A39CEB78B716C21B6BE5D82
B38D1C18CBCCDDDBF56FDD28E5E6ECBB
Google, Bing, Yandex are your best friends: https://www.sans.org/blog/alternate-data-streams-overview/
With regards to can: yes. The question is if they do. I presume AV/EDR/XDR vendors got it covered, but not all forensic tools might.
Hi everyone, sample request, thank you in advance
https://www.virustotal.com/gui/file/3420c9d87724bf00e41e0303d5dd5cd60ee4339f7583d9964200c8f0bfe34ea5/summary
Hello Enrik Loshi, welcome to the Malware Research group! Please read the pinned message before you post!
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Smithy
User ID: 1382864004
Reason: 2FA bomber
Hello @bolajibankole, welcome to the Malware Research group! Please read the pinned message before you post!
This is from Event Viewer. Is this referring to Quasar malware? Found nothing documenting this event.
According to DEF CON, Grinberg "refused to leave, demanding that our security team remove him," a request they were all too happy to oblige. "We complied with his wishes and escorted him off the stage, where he was free to continue attending the conference."
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Александр Мельников
User ID: 6307487989
Reason: upgrade to scam instead of spam
Hey guys, the "SmuggleShield" stable version is out on the Chrome Web Store. Do give it a try and share your feedback. The extension aims to block basic HTML smuggling attacks.
https://x.com/RandomDhiraj/status/1844047688427586011
No, not the same. Rizin and Cutter diverged from Radare2 significantly at this point. The fork happened many years ago
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: ALPHA115
User ID: 7547738073
Reason: illegal activity
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: 阿 芳
User ID: 6680919520
Reason: illegal activity
Hi all,
I was going through an EC-Council forensic course and came across anti-forensic techniques, alternate data streams. Is there any way that we can use some forensics tools to find out and identify these kinds of files, and can any anti-virus or EDR/XDR tools detect this kind of files?
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Devil
User ID: 7949041408
Reason: illegal activity
FedBan Reason update
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Smithy
User ID: 1382864004
Previous Reason: 2FA bomber
New Reason: phisher
Thank you for your response. This is from the System event log. I tried doing AV scans and checking autoruns and found nothing; I tried googling the event and found nothing about "quasar" besides the RAT.
Netwtw10 is the source? Application event log?
If yes, from googling about Netwtw10, it's related to the Intel Wi-Fi driver.
Suggest that you troubleshoot from there (e.g. search for "quasar" on your system) and see if there are any hits.
If you want to eliminate malware first, maybe head to https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat and read about the RAT's behaviour, find rules/signatures that may potentially detect it
Was anyone at DEF CON this year? Was the badge developer actually removed when he was protesting for non-payment?
New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: Xghilsc bUP
User ID: 7208517432
Reason: skid
Hello Laresh, welcome to the Malware Research group! Please read the pinned message before you post!
Hello Royal, welcome to the Malware Research group! Please read the pinned message before you post!
Anyone want Cypher RAT for only $5?? 100% reliable and we have not received any report.