Malware Dancer
Malicious Word document analysis
Today I have started my malware analysis by getting the sample from virusshare.com. Output of the file command states that this is XML…
Jul 2, 2020

Malware Dancer
Nano Core — how to make automatic disassembler analysis fail
One of the top samples sent to app.any.run is tagged as #NanoCore. Because of that I wanted to have a look inside this malware. At first I…
Jul 2, 2020

Malware Dancer
How to get interesting payload from Emotet C2 server?
Since I am still interested in how Emotet works underneath, I wanted to introduce a way to intercept traffic which is exchanged by Emotet…
Jun 22, 2020

Malware Dancer
Emotet malware — dive into sample
Emotet — dumping executable from memory to C2 communication
Jul 30, 2019

Malware Dancer
LockerGoga — networking part and crypto part
I am still reversing the LockerGoga sample. This time I want to focus on the network part. You would ask why ransomware even needs a networking part…
May 23, 2019

Malware Dancer
LockerGoga — input arguments, IPC communication and others
I wanted to see real ransomware in action, so I got a LockerGoga sample from app.any.run. Then I have run the exe file with opened…
May 23, 2019