0verney Crackme Write up
Looking past the entry The start of this executable is as show
Background CryptBot is an Info-Stealer malware that has been making its rounds this year, 2022, distributed via cracked software and sketchy websites.
In this report, I will demonstrate the methods to unpack a SmokeLoader executable manually.
Summary This report is on the Ransomware as a Service REvil, detailing their techniques, any changes to previous samples they used and their obfuscation techniques.
Getting Started So for this summer, I decided to focus a little more on the offensive side of cybersecurity.
Introduction Black Basta ransomware hit American Dental Association on the weekend of the week of 4/17, 2022.
Author: ByridianBlack Challenge Won: April 18th, 2022 Author of Challenge: Danofred
Introduction LIKEAHORSE is ransomware that garnered news in January, but while it was looked at, I have found no actual report on its features and abilities online.
Introduction Mevlbkxshp is a PowerShell script categorized as a dropper. This malware has many features, most of which are obfuscation techniques and some properties that make it semi-fileless.
Darkside is ransomware notorious for attacking high-profile industrial control systems and facilities.
For the past few years, Discord has been a hub for spreading malware, and while they have done much to crack down on this spread, the problem is still prevalent.
Introduction VB6 compiler can be treated as a packer because of its translation from what is known as P-code into assembly code.
Good.exe Sha256: 90d3580e187b631a9150bbb4a640b84c6fa990437febdc42f687cc7b3ce1deac Md5: b034e2a7cd76b757b7c62ce514b378b4 Sha1: 27d15f36cb5e3338a19a7f6441ece58439f830f2 Analysis Initially this piece of malware was UPX packed as shown in the following Figure
Initial Analysis & Outside Research Not much is known about this malware or at least not much research has been done on it.
Introduction This piece of malware had some fileless malware properties, but because it copied itself to disk, it cannot be categorized as fileless malware.
Introduction I have recently been interested in fileless malware and the different approaches authors have when executing them.
Introduction Malicious VBS scripts can contain PowerShell commands that can severely damage the victim machine.
Introduction Win32/InfoStealer.Dexter is part of a family of malware to steal information such as credit card numbers, passwords, or various techniques.