Analysis Walkthrough: APT32's {79828CC5-8979-43C0-9299-8E155B397281}.dll (asuna amawaka in insomniacs, Jun 23, 2022): It has been some time since I did any reverse engineering! Time to refresh? And so I reached my hand into my stash of old malware…
It's a BEE! It's a… no, it's ShadowPad. (asuna amawaka in insomniacs, Nov 19, 2021): Analysis walkthrough of ShadowPad variant 2020/2021 that comes with anti-reversing obfuscation. This sample appears to be a Test… by who?
Quarians, Turians and… QuickHeal (asuna amawaka in insomniacs, Aug 29, 2021): I was expecting to find an Asari or Salarian variant of this malware family, but it turned out that they are all QuickHeals.
A Look into SUNBURST's DGA (asuna amawaka in insomniacs, Dec 20, 2020): My attempt at a script that decodes all of SUNBURST's DGA strings :)
Do you want to bake a donut? Come on, let's go update~ Go away, Maria. (asuna amawaka in insomniacs, Nov 30, 2020): Malware analysis of malicious RTFs and DonutLoader DLLs that lead to deployment of AVEMARIA. Open source research leads us to the Donot…
Journal: FlareOn7 (Part 3) (asuna amawaka in insomniacs, Oct 31, 2020): This is the last part of the series :)
Journal: FlareOn7 (Part 2) (asuna amawaka in insomniacs, Oct 25, 2020): Continue walking with me on levels 7–9…
Journal: FlareOn7 (Part 1) (asuna amawaka in insomniacs, Oct 24, 2020): Walk with me through my approach to the challenges in FlareOn7 :)
What happened between the BigBadWolf and the Tiger? (asuna amawaka in insomniacs, May 20, 2020): Looking into a Gh0stRAT variant controller/builder called 大灰狼 (BigBadWolf) and a YARA rule on "s.exe variant seen in Op Iron Tiger".
Shadows with a chance of BlackNix (asuna amawaka in insomniacs, May 6, 2020): A long post on analysis of a variant of BlackNix RATs, which are delivered by a dropper with mutex strings associated with Winnti Group.