This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• Latrodectus

  Extracting new AES encrypted strings from this RAT

  Sep 30, 2024

• Emmenhtal

  Peeling the layers of this polyglot loader

  Sep 16, 2024

• AutoIt Credential Flusher

  Forcing users to enter credentials so they can be stolen

  Sep 11, 2024

• Zharkbot Strings

  Extracting strings from this downloader

  Sep 2, 2024

• Python Hunting

  Triaging this unknown python stealer with some breakpoints

  Aug 26, 2024

• Emulating Themida

  Simple poc emulator for virtualized code

  Jul 12, 2024

• Zharkbot In A RUST Shell

  Taking a look at this updated ZharkBot in a rust packer

  Jul 7, 2024

• Python Malware Triage - Creal Stealer

  A Few Tips To Help With PyInstaller And Friends

  May 12, 2024

• COSMU File Infector

  Extracting hitchhikers from this 10 year old file infector

  Apr 28, 2024

• Lumma Stealer Obfuscation

  Taking a look at obfuscation in the latest version of lumma

  Apr 7, 2024

• New Gcleaner

  A look into the the gcleaner backend

  Mar 17, 2024

• GitHub Bug Used to Infect Game Hackers With Lua Malware

  Triaging this elaborate infection chain

  Mar 3, 2024

• VM Reverse Engineering Part 2 - Disassembly

  Wring a simple disassembler for our VM instruction set

  Jan 21, 2024

• Introduction To VM Protection - VMZeus

  Reverse Engineering VM obfuscation

  Jan 7, 2024

• DanaBot Core

  Taking a look at a new version of the DanaBot Core

  Dec 17, 2023