ςεяβεяμs - мαℓωαяε яεsεαяςнεя
@c3rb3ru5d3d53c
💕 Malware Hunter Killer 💕
#binlex & #mwcfg Developer
📽️ YouTuber
👩💻 She/Her
💍@DravenSwiftbow
Support my work 👇
☕️ https://t.co/SfTI8uJa23
ID:3413126416
https://c3rb3ru5d3d53c.github.io/ 10-08-2015 16:51:46
20,1K Tweets
20,7K Followers
236 Following
ςεяβεяμs - мαℓωαяε яεsεαяςнεя Fascinating stream. I am picking at NSIS / GuLoader right now. Here is a script to build a 7zip Ubuntu package with NSIS script decompiler enabled. The resulting .deb can be kept on file to install where needed. gist link in reply.
There are a bunch of websites currently #compromised with #FakeUpdate malware.
Most notably:
ecowas[.]int ( Ecowas - Cedeao ECOWAS Centre for Surveillance and Disease Control ECOWAS Bank for Investment and Development (EBID) )
icef[.]com (@ICEFglobal)
and
fup[.]edu[.]co ( @La_Fup)
a full list of compromised sites can be found here:
github.com/Gi7w0rm/Malwar…
RE tip of the day: When the debugger is attached, it creates at least one thread as part of the malware process. Malware can call SuspendThread/NtSuspendThread APIs to affect this auxiliary thread and incapacitate the debugger.
#infosec #cybersecurity #malware #reverseengineering
What a great opportunity for a #BinaryRefinery showcase!
xt exe | xt | push [
| bat
| carve -d string
| iffs =
| b64
| pop k i
| carve -sd b64
| aes --iv=eat:i eat:k
| zl
| peek -mm ]
📌 github.com/binref/refiner…
The xz backdoor just got even *more* interesting… (h/t Filippo Valsorda @filippo.abyssdomain.expert )