Sharing information on malicious network traffic and malware samples
#Malware analysis tip: You can automatically extract certain files hidden inside an image file (steganography) using 7zip, such as this PK file hidden inside a JFIF image. Remove the file extension and extract with 7z, and 7z will attempt to locate embedded files and extract 🥳
#AgentTesla #malware uses encrypted resources to store payloads. You can decode them by manually generating the DES key and decrypting using #cyberchef 🕵️ Save resource -> generate md5 -> Trim md5 key to 8 bytes -> Load file into cyberchef -> DES Decrypt = Decoded 2nd Stage 🤠
Decryption logic in the original .NET file.
Manually generating the DES key, using bytes found in the .NET
Locating and Saving the resource file
DES Decryption logic
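The same resource-decoding recipe as the post above (save resource, MD5 the key material, keep 8 bytes, DES decrypt), written here in Go as an added example rather than in CyberChef. It is not the poster's code and not taken from any AgentTesla sample. Two details the post leaves open are assumptions marked in the code: the 8-byte key is the first half of the raw MD5 digest (not of its hex string), and the cipher mode is DES-CBC with PKCS#7 padding, which is what CyberChef's DES Decrypt uses by default, with the IV recovered from the binary alongside the key material. The key material, IV and "payload" are constructed so the program runs offline; a real run replaces them with the bytes pulled from the .NET file and the saved resource.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/md5"
	"errors"
	"fmt"
)

// deriveDESKey follows the recipe in the post: MD5 the key material recovered
// from the .NET binary and keep the first 8 bytes of the digest as the DES key.
// ASSUMPTION (not stated in the post): the raw 16-byte digest is truncated,
// not its 32-character hex encoding.
func deriveDESKey(material []byte) []byte {
	sum := md5.Sum(material)
	return sum[:8]
}

// pkcs7Unpad strips PKCS#7 padding and rejects malformed trailers, so a wrong
// key usually fails here instead of silently yielding garbage.
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%des.BlockSize != 0 {
		return nil, errors.New("data length is not a multiple of the DES block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > des.BlockSize || n > len(b) {
		return nil, errors.New("bad padding length")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding bytes")
		}
	}
	return b[:len(b)-n], nil
}

// decryptResource decrypts a saved resource with DES-CBC and PKCS#7 padding.
// ASSUMPTION: CBC mode and PKCS#7 padding (CyberChef's DES Decrypt default);
// the IV is recovered from the binary separately and is not derived here.
func decryptResource(resource, key, iv []byte) ([]byte, error) {
	block, err := des.NewCipher(key) // requires exactly 8 key bytes
	if err != nil {
		return nil, err
	}
	if len(iv) != des.BlockSize {
		return nil, errors.New("IV must be 8 bytes")
	}
	if len(resource)%des.BlockSize != 0 {
		return nil, errors.New("resource length is not a multiple of 8")
	}
	out := make([]byte, len(resource))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, resource)
	return pkcs7Unpad(out)
}

// encryptResource only exists to build a constructed test resource for this
// example; in the wild the malware's builder performs this step, not the analyst.
func encryptResource(plain, key, iv []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := des.BlockSize - len(plain)%des.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// looksLikePE is the sanity check on the output: a decoded second-stage .NET
// payload should start with the "MZ" DOS header.
func looksLikePE(b []byte) bool {
	return len(b) >= 2 && b[0] == 'M' && b[1] == 'Z'
}

func main() {
	// Constructed sample values standing in for the bytes found in the .NET
	// file; the "payload" is a fake PE header plus filler.
	material := []byte("ExampleKeyMaterialFromDotNet")
	iv := []byte("12345678")
	payload := append([]byte("MZ"), bytes.Repeat([]byte{0x90}, 30)...)

	key := deriveDESKey(material)
	resource, _ := encryptResource(payload, key, iv)

	decoded, err := decryptResource(resource, key, iv)
	fmt.Printf("key=%x decodedPE=%v err=%v\n", key, looksLikePE(decoded), err)
}
```

If the real sample uses ECB or a different padding, `decryptResource` will return a padding error or an output that fails `looksLikePE`; check the decryption logic in the .NET code (the mode and padding properties set on the DES provider) before assuming the key derivation is wrong.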