This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• Angr Control Flow Deobfuscation

  Learning about Angr for deobfuscation

  Mar 26, 2022

• Pandora Ransomware

  Analysis of Pandora ransomware including some fun unpacking

  Mar 19, 2022

• BlackCat Ransomware

  Analysis of new BlackCat ransomware with encrypted config

  Mar 16, 2022

• Hermetic Wizard Malware

  Analysis of the Hermetic Wizard malware used to spread Hermetic Wiper in the Ukrainian cyber attacks

  Mar 10, 2022

• Conti Ransomware V2 Source Code Leak

  Analysis of the leaked Conti Ransomware source code

  Mar 3, 2022

• Hermetic Wiper Malware

  Analysis of the wiper malware using in the Ukrainian cyber attacks

  Feb 27, 2022

• Reversing Unknown Polyglot JPG Downloader

  Analysis of polyglot downloader resulting in possible Gh0st Cringe or Gh0st RAT payload

  Feb 20, 2022

• Jupyter Infostealer

  Analysis of Juptyer Infostealer / Solarmarker Backdoor

  Jan 30, 2022

• HackingTeam Soldier Implant

  Unpacking VMProtect Soldier Implant

  Jan 27, 2022

• WhisperGate Malware

  Analysis of the WhisperGate malware delivery chain

  Jan 20, 2022

• Night Sky Ransomware

  Analysis of Night Sky Ransomware

  Jan 6, 2022

• Qakbot / Qbot

  Qakbot config extraction

  Dec 22, 2021

• Dridex (DoppelDridex) Loader

  Analysis of the DoppelDridex loader

  Nov 30, 2021

• Emotet Config Extractor

  Static config extractor for Emotet

  Nov 18, 2021

• BlackMatter Ransomware ESXi ELF Config

  Extracting the config from Blackmatter ESXi ELF Encryptors

  Nov 5, 2021