Posts
-
Strange Hacking Tool
Malware sample of unknown category from MalwareBazaar. Just looking to perform a quick analysis and share any interesting findings.
-
Simple Powershell Backdoor (.ps1, shellcode)
Fresh Powershell sample once again from MalwareBazaar. Decided to perform just a quick analysis, due to lack of free time and a thirst for some raw wild malware.
-
The Inner Workings of Meterpreter (shellcode)
This blog entry covers personal technical research on the meterpreter staging payload. Meterpreter, as part of the Metasploit framework developed by Rapid7, is a C2 framework used by white and black hats alike.
-
Embedded Shellcode Obfuscation Part 2 (C++)
A continuation of the previous chapter. We’ll continue to attempt more obfuscation techniques with the same objective of bypassing VirusTotal.
-
Embedded Shellcode Obfuscation (C++)
In this blog entry, I’ll be playing around with obfuscation techniques to bypass antivirus detection for an embedded meterpreter shellcode. The goal is to run shellcode in the local process, and to minimize VirusTotal flags. Techniques will be incrementally applied to the binary to observe progressive success.
-
Process Injection Techniques (C++)
In this entry, we will dive into Windows process injection techniques demonstrated by malware. Malware authors deploy process injection to run malicious code under another process.
-
Analyzing FakeSG Malware Campaign Sample (.hta, .ps1)
FakeSG is an ongoing malware campaign (as of 12 Sep 2023). The campaign aims to compromise websites (most commonly WordPress), which then imitate browser update pages - prompting the user to install and execute a malicious file.
-
Unknown NtShutdownSystem Malware (.exe)
Yet another sample fresh off MalwareBazaar! (Simply in LOVE with this website).
-
EXTREMELY Unsettling Malware (.exe)
Back with another malware sample from MalwareBazaar! An executable, this time. With an interesting icon. Performing a Google Image Reverse Search on the icon provides no clues to its origin. Incredibly strange.
-
Analyzing Wild PowerShell Malware (.ps1, shellcode)
Let’s kickstart this blog with some PowerShell malware! Pulled this sample fresh off MalwareBazaar - no idea what it is. Opening the .ps1 file in VSCode reveals beautifully obfuscated PowerShell code.