Category: Malware Analysis
-
Safecracker – Hack The Box
Safecracker is an insane difficulty set of malware analysis challenges based on a ransomware virus. The description is “We recently hired some contractors to continue the development of our Backup services hosted on a Windows server. We have provided the contractors with accounts for our domain. When our system administrator recently logged on, we found…
-
Lockpick4.0
Lockpick4.0 is an insane difficulty set of malware analysis challenges based on a ransomware virus. The description is “Forela.org’s IT Helpdesk has been receiving reports from employees experiencing unusual behaviour on their Windows systems. Within 30 minutes, the number of affected systems increased drastically, with employees unable to access their files or run essential business…
-
Lockpick3.0
Lockpick3.0 is a hard difficulty set of malware analysis challenges based on a ransomware virus. The description is “The threat actors of the Lockpick variant of Ransomware seem to have increased their skillset. Thankfully on this occasion they only hit a development, non production server. We require your assistance performing some reverse engineering of the…
-
Lockpick2.0
Lockpick2.0 is a hard difficulty set of malware analysis challenges based on a ransomware virus. The description is “We’ve been hit by Ransomware again, but this time the threat actor seems to have upped their skillset. Once again they’ve managed to encrypt a large set of our files. It is our policy NOT to…
-
Lockpick
Lockpick is an easy difficulty set of malware analysis challenges based on a ransomware virus. The description is “Forela needs your help! A whole portion of our UNIX servers have been hit with what we think is ransomware. We are refusing to pay the attackers and need you to find a way to recover the…
-
Subatomic Part 2
If you have not read part one, go do it here. https://bu5hv1p3r.wordpress.com/2024/10/31/subatomic-part-1/ In this part we will be deobfuscating the malware and answering the rest of the questions. In the last post we ended with the obfuscated JavaScript program. I originally tried to run it with the node modules that came with it when I…
-
Subatomic Part 1
Subatomic is a medium difficulty set of malware analysis challenges based on a virus passed around Discord. The description is “Forela is in need of your assistance. They were informed by an employee that their Discord account had been used to send a message with a link to a file they suspect is malware. The…
-
Turning Assembly Into Shellcode
Have you found a program vulnerable to a buffer overflow attack and need to craft some shellcode to exploit it? Well, this is the post for you. For this tutorial I am writing the assembly for x86_64 NASM on Linux with Intel syntax. With that out of the way, let’s get into it. First, we…
-
Gh0st RAT Dropper Malware Analysis
SHA256: 09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c I was looking for an interesting and simple malware sample to analyze and I came across this simply named “0.exe”. I was able to get the second stage of this malware since it is included in the dropper and not downloaded from the internet like the last malware I analyzed. Much to my surprise,…
-
1.exe Malware Analysis
SHA256: a5e39316d1b2e8dbcc12684a1bd8d8b9fb6edf2f2ab75a5eddcaf2ab1c609a0a 1.exe is a pretty simple dropper from around 2016. It is the first true malware I have gone through and analyzed and I would like to share what I found. As is tradition, I will first run the file command on the executable. Nothing too interesting here, let’s now open it up in Binary…
