MuddyWater is an APT group that was active throughout 2017, targeting victims in the Middle East with in-memory vectors that leverage PowerShell.
In October 2018, Kaspersky Lab had already published a good analysis report on the malware used by this APT group.
Here I am publishing...
This is all about malware analysis, reverse engineering and some cool stuff
Friday, 11 January 2019
Monday, 1 October 2018
Flare-On Challenge 2018 Writeup
Flare-On is an annual CTF challenge organized by FireEye with a focus on reverse engineering.
Overall, there were 12 challenges to complete, the same number as last year (2017). Instead of a detailed write-up, I am covering only the important parts.
The following are the steps to solve these challenges:
1....
Wednesday, 13 December 2017
Analysis of Noblis In-dev Ransomware
Noblis is an in-development ransomware that is written in Python and packed with PyInstaller.
You can refer to my previous blog post to learn how to identify and reverse Python-built executables.
We have the following sample:
Hash: 3BEEE8D7F55CD8298FCB009AA6EF6AAE [App.Any]
The sample is UPX-packed; after unpacking...
Monday, 11 December 2017
Analysis of File-Spider Ransomware
December 11, 2017
Posted by SDKHERE
FileSpider, MS Word, MSIL, PowerShell, Ransomware, Spider
MD5: de7b31517d5963aefe70860d83ce83b9 [VirusTotal]
FileName: BAYER_CROPSCIENCE_OFFICE_BEOGRAD_93876.doc
FileType: MS Word Document
The Word file has an embedded macro.
When you look into the macro code, you will find the snippet below.
Private Function decodeBase64(ByVal strData As String) As Byte()
Dim...