Malware Analysis

🔍 Dive into the RedLine Stealer Infection Chain – Part 1

Tags: CyberChef, Infostealer, LNK, Malware Series, mshta, PowerShell, RedLine, VBScript

RedLine Stealer Infection Chain: Zip ➡️ LNK PS ➡️ mshta (URL1) ➡️ PS ➡️ cmd ➡️ PS ➡️ URL2 ➡️ exe

What’s Inside:
- LNK using \W*\\2\\msh*e to dodge detection
- VBScript analysis using CyberChef & Wscript.Echo
- Utilize CyberChef recipe to decode VBScript & PowerShell
- How to deobfuscate PowerShell with PowerShell logging…
AsyncRAT config decryption using CyberChef – Recipe 0x2

Tags: .NET, AsyncRAT, Config, CyberChef, CyberChef Recipe, RAT, Remote Access Tool

In the realm of malware analysis, tools like CyberChef play a pivotal role. One of the challenges that malware analysts often face is decrypting configurations of Remote Access Trojans (RATs) like AsyncRAT. This article provides a step-by-step guide on how to decrypt AsyncRAT configurations using CyberChef.

Decrypting AsyncRAT Configurations
AsyncRAT is…
Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI – CVE-2020-1464

Tags: Adwind, binwalk, Bytecode Viewer, CVE-2020-1464, file, Glueball, IoCs, JAR, Java, MSI, RAT, Ratty, xxd, Yara, ZIP

This article discusses an interesting tactic actively used by different Java RAT malware authors like Ratty & Adwind to distribute malicious JAR files appended to signed MSI files. This technique was discovered by the VT Team in Aug 2018[9], but at that time it was not used by malware authors to distribute malicious…