Catégories
Challenges Malware Analysis

Z2A Challenge 0x3 | Danabot Delphi Loader

Dans le cadre du challenge Zero2Automated maintenant distribué toutes les 3 semaines, l’objectif était de développer un script permettant d’extraire les adresses IP de tout sample Danabot de la même campagne.

Catégories
Challenges Malware Analysis

Z2A Challenge 0x2 | Packed Oski Stealer – Get Lazy !

This week, @OverflOw from Zero 2 Automated course gave us a new challenge. The goal this time is to unpack a sample, find and reverse its string decryption routine and produce a script that will write them into our disassembler.

Catégories
Challenges Malware Analysis

Z2A Challenge | First Stage IcedID

New type of articles on the blog ! This time, @0verfl0w from the Zero2Automated Malware Analysis course gave us biweekly challenges to sharpen our skills in malware analysis and reverse engineering.

The goal is to produce a writeup of the challenge and compare with others to see different perspectives.

Catégories
Malware Analysis

MABR 0x02 | Diving into VIDAR’s vengeance

In the last article, we analysed STOP ransomware and discovered all its features. We saw that it is dropping VIDAR to steal data on victims computers prior to encrypt them. We will now see how VIDAR works. But first, let take a quick look of the executable that STOP dropped before VIDAR.

Catégories
Malware Analysis

MABR 0x02 | DoubleTrouble | In The Core of the Ransomware

During the previous article, we saw the process of unpacking the first stage of the malware. Aside a fairly new anti-debugging technique and process hollowing, this step wasn’t hard. Now that we have successfully unpacked the first stage, let’s jump into it to see its main behaviour.

I will try to be as consice as possible, but trust me, this malware is full of interesting functions.

Catégories
Malware Analysis

MABR 0x02 | DoubleTrouble – Analysis of STOP Ransomware & Vidar Stealer | Unpacking

Back to malware analysis, i recently decided to analyse a completely random sample (as long as it isn’t .NET lol) found on MalwareBazaar, this sample appears to be STOP ransomware.

Catégories
Divers

Why Perestroïka?

Welcome to my personal blog talking about Malwares and Reverse Engineering in general. This article is a quick FAQ about this blog.

Catégories
Malware Analysis

Malware Analysis by a Rookie | 0x01 Emotet Malicious Doc

Après avoir lu beaucoup d’articles concernant les agissements du groupe cyber-criminel Emotet et son malware éponyme, j’ai enfin l’opportunité de l’analyser de mes propres mains, un sample tout frais sorti d’une boîte mail de mon entreprise.

Catégories
Crackme

Résoudre un crack-me simple avec Cutter

Dans ma quête d’apprentissage du reverse engineering, je suis tombé sur ce github avec quelques crack-me en x64 dont le niveau augmente au fur et à mesure.