Author: 0verfl0w_

  • Blog
  • Author: 0verfl0w_
Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1

Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1

Qakbot is one of the most notorious malware families currently operating, and dates back to around 2007. It is primarily focused around stealing banking information and user credentials, however with the huge jump in ransomware popularity among threat actors, Qakbot has been seen to drop Egregor and the ProLock ransomware. As it is primarily operated

Read More
New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings

New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings

It’s sure been a while since the last post! We’ve gone through several iterations of website design over the past few months (plus fixing all the malformed images due to the theme transfer), but should be back for good now! For this commemorative post, we’ll be diving into a recently discovered malware sample known as

Read More
Unpacking Malicious DLLs – IcedID

Unpacking Malicious DLLs – IcedID

So recently I’ve been reverse engineering the newest version of IcedID (the version hiding encrypted payloads and other data inside PNGs), and I came across a post by Malware-Traffic-Analysis about IcedID being downloaded by malspam typically responsible for downloading ISFB. This particular infection chain was interesting, as the Word Document drops a script file to

Read More
Statically Reverse Engineering Shellcode: Emulation

Statically Reverse Engineering Shellcode: Emulation

This post is a continuation from my last one, where we reverse engineered the second stage of the shellcode, and replicated the API hashing routine. If you haven’t checked out that post, you can check it out here, and the one before that here! In this post we’re going to be writing an emulator for

Read More
Statically Reverse Engineering Shellcode Techniques: Stage 2

Statically Reverse Engineering Shellcode Techniques: Stage 2

Welcome back! If you haven’t checked out my last post on reverse engineering shellcode techniques, you can check it out here! This time we’re taking a look at stage 2 of the shellcode, which we previously decrypted using IDAPython in the last post. We’re going to be covering quite a lot this week, so if

Read More
Statically Reverse Engineering Shellcode Techniques: Stage 1

Statically Reverse Engineering Shellcode Techniques: Stage 1

It’s been a while since I posted a blog aimed at beginners in terms of reversing techniques for analyzing malware, rather than a “how-does-it-work” type post, so for this blog post I decided to focus on concepts tied very closely to malicious software, such as shellcode, (recognizing and implementing) encryption algorithms, and so on. I

Read More
Receive the latest news

Subscribe & Stay Tuned

Stay updated on new course releases and related InfoSec content