Security through explanation
First and foremost I’d like to thank Jacob Pimental since he posted the initial lead, after which we joined forces to dive into this case. In his now deleted Tweet, he asked if anybody could help out with a potential credit card skimmer on the OlympicTickets2020 website. Background information Before diving into this case, I’ll … Read more
Additions The analysis of a Linux based DDoS tool named Corona has been added to the malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in the Binary types chapter, named Browser plug-in. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of the Emotet banking trojan. Updates Two new books have been added to the resources: the C Programming Language (written by Brian W. Kernighan and Dennis M. Ritchie) and Practical Malware Analysis (written by Michael Sikorski and Andrew Honig). To contact me, … Read more
Additions A new article has been added in chapter 4, regarding the analysis of a malicious LNK dropper To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of an obfuscated Powershell sample To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of an Android SMS stealing sample Updates Fixed a mistake in the Crash course based on the feedback of noxosd To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of a Dot Net RAT Updates Altered the Android file types article to clarify the codebase section based on the feedback of GuyWizStupidComments To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on … Read more
This is the first Malware Analysis I’ve posted, more will follow in the future. The malware has two layers of encryption which I’ve decrypted and analysed. In the report is a link to my Github repository for an automated decryption tool. The report can be downloaded here.