Unpacking Matryoshka: What the History Means for Russian Cybercrime (pinned, Mar 25, 2021). More and more cyber-attack incidents have occupied the headlines. A man, wearing a hoodie and sitting behind a computer, hacks the world…
Two duplicated but defective keys among the ~3000 released Avaddon private keys (Jun 12, 2021).
Dive into the anti-analysis of the Emotet loader (Mar 31, 2019). We discussed the cryptor in the previous post. As for the loader part, we are going to document some careful designs which are used to…
Dive into Emotet's recent cryptor (Mar 25, 2019). Sample: 7a305cbbe2a950663827953cf398078d7b18baa4
Pegasus Source Code Analysis Notes (Feb 15, 2019). The leak and background: https://malware-research.org/carbanak-source-code-leaked/
A Study on the ConfuserEx Control Flow Flattening Technique (Jan 16, 2019). Recently, I came across an infostealer malware called HawkEye. HawkEye is written in C#. In this post, I'm going to share the control flow…
How to analyze the TrickBot PoS module with labeled data structures in IDA Pro (Jan 10, 2019). Background
Decrypting EMOTET's strings using IDAPython (Jan 8, 2019). EMOTET is a crimeware loader. Its affiliates are TrickBot, Zeus Panda, IcedID, and so on. US-CERT has published an alert on the malware in…