Yet another Malicious Android Apps targeting Malaysian
In this post, we will be discussing a disturbing new trend in malicious Android apps that have been targeting users in Malaysia. These apps, which have been disguised as legitimate services such as Cleaning service, have been found to contain SMS stealer and banking credential phishing capabilities, putting the sensitive information of their vic...
Building Offensive Malicious Documents
Generally, the attacker will use the below techniques in leveraging Microsoft Office features and vulnerabilities:
Exploits
Macros
Remote template injection and many more…
In this post, we will learn various techniques on how to make malicious documents that can execute our malicious code. Of course, to make it simple we will just run ...
Checklist: Windows Malware Analysis
Introduction
When doing an analysis or investigation on a malware, what is the important things to solve or to answer in analysing the malware?
This checklist may help us to determine what is the goal when we’re doing a malware analysis on a malware, so it can avoid us from reversing/analysing part of the malicious code that does not important ...
UPX manual unpack: ELF and EXE
Introduction
Recently, I’ve come across a Golang malware sample which have been packed by UPX. The sample was made to be cannot be unpack using UPX tool. So, I thinks it’s good to write a blog/note to explain how the UPX manually unpacking works.
UPX tool doesn’t work
In the figure below, there are certain situation when the malware author make...
Malware 101: Develop and Analyze our own malware
In this post, we’ll learn together how to write a basic malware program that does a reverse shell connection (using shellcode) and analyze our own compiled malware. We’ll play around with C code using Visual Studio IDE and MSVenom for the creation of the shellcode. The maldev and malware reversing is only for education purpose only!
Malware dev...
Powershell 101 in Malware Analysis
PowerShell attacks are currently the popular weapon of alternative for several of those attacks as a result of it provides variety of techniques for bypassing existing security. Not least of all, the flexibility to run directly in memory and remotely download payloads gave a lot of benefits to attacker.
Let’s learn a little bit about Powershell...
Lemon-Duck Powershell: An easy way to deobfuscate it!
I came across a fileless malware called Lemon-Duck crypto miner during our (my officemate and I) investigation on suspicious communication in our client network. This malware completely leveraging the PowerShell module to execute most of their payloads.
PowerShell attacks are currently the popular weapon of alternative for several of those atta...
Cheat-Sheet: Malicious Document Analysis
OneNote Analysis
Download the OneNoteAnalyzer from the release page in GitHub.
Run OneNoteAnalyzer.exe --file malware.one then it will extract the malicious script from the OneNote file.
D:\OneNoteAnalyzer>OneNoteAnalyzer.exe --file "AgreementCancelation_395076(Feb08).one"
________ _______ __ _____ ...
15 post articles, 2 pages.