GachiLoader pt. 3 - Smart Contract C2
Intro
Today we’re looking at an entirely different Rhadamanthys sample to pt1 and pt2 but with similarities. The payload is still an infostealer, however some different techniques have been …
We’re back. When we left this sample in part one, we had:
I was randomly browsing AnyRun looking for something to poke at, when I came across this. The URL being scanned was hxxps://anysoft[.]click, which appeared to redirect to a file hosted on …
TL;DR I dive into an SEO poisoning campaign delivering the Bumblebee loader, analyse a trojanised MSI pretending to be NirSoft software, and explore DLL sideloading in depth — including a hands-on …
There’s been an apparent resurgence of fake CAPTCHA style malware delivery in recent months. This is a fairly clever way of having a user unknowingly execute malicious code. In this post, …
It’s been a while since I’ve done one of these, but I had some time and thought I’d do quick analysis of whatever random file I found on public submissions of …
Saw a tweet with a .chm file showing 0 detections on VT and decided to check it out. TL;DR - I learned that the malware does nothing additional that the tweet didn’t already show, …
I decided to grab a random malware sample from any.run and have a bit of a poke around. The file I chose from public submissions has the following details:
SpookyLicense is an “easy” reverse engineering challenge offered by HackTheBox, with “easy” in quotes as this one took me a considerable amount of effort. I am fairly new to reversing …
