Mastodon

Opalsec :verified:Our latest summary is out, looking at an emerging Crypto-theft Trojan and a promising new recovery tool.Stay ahead of the curve and read the full post here: <a href="https://opalsec.io/daily-news-update-sunday-march-31-2025-australia-melbourne/🔗" rel="nofollow noopener" translate="no" target="_blank">https://opalsec.io/daily-news-update-sunday-march-31-2025-australia-melbourne/🔗</a>📱 Crocodilus Android Malware: This nasty piece of work is targeting crypto wallets by using fake overlays to steal seed phrases. It's bypassing security measures and using social engineering to gain access. Watch out for this one, especially if you have users in Turkey and Spain! 🇪🇸 🇹🇷🛠️ Key Takeaways: * 🔑 Steals crypto wallet seed phrases using Accessibility Logger. * ⚠️ Bypasses Android 13 security and Play Protect. * 🤖 Employs 23 bot commands, including call forwarding and RAT functionality. * 📵 Hides activities with black screen overlays and muting.💻 Microsoft's Quick Machine Recovery Tool: Microsoft is testing a new tool for Windows 11 that could be a game-changer for dealing with boot crashes caused by buggy drivers and configurations. Imagine remotely fixing those dreaded BSODs! 🚀✨ Here's the lowdown: * ⚙️ Remotely fixes boot crashes caused by bad drivers/configs. * 🌐 Connects to Microsoft's servers to apply fixes. * 🛡️ Could have made life much easier when recovering from the worldwide CrowdStrike outage from July last year. * 🏢 Customizable for enterprise users via RemoteRemedation CSP.Don't forget to sign up for Opalsec to get actionable insights delivered straight to your inbox! 📩 <a href="https://opalsec.io/daily-news-update-sunday-march-31-2025-australia-melbourne/#/portal/signup" rel="nofollow noopener" translate="no" target="_blank">https://opalsec.io/daily-news-update-sunday-march-31-2025-australia-melbourne/#/portal/signup</a>Let me know your thoughts in the comments below! 👇<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/AndroidMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#AndroidMalware</a> <a href="https://infosec.exchange/tags/Crocodilus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crocodilus</a> <a href="https://infosec.exchange/tags/CryptoSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CryptoSecurity</a> <a href="https://infosec.exchange/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows11</a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://infosec.exchange/tags/QuickMachineRecovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#QuickMachineRecovery</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://infosec.exchange/tags/SecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityNews</a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberThreats</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileSecurity</a> <a href="https://infosec.exchange/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataProtection</a> <a href="https://infosec.exchange/tags/infosecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecurity</a>

Tedi HeriyantoHunting ClickFix Initial Access Techniques: <a href="https://detect.fyi/hunting-clickfix-initial-access-techniques-8c1b38d5ef9b" rel="nofollow noopener" translate="no" target="_blank">https://detect.fyi/hunting-clickfix-initial-access-techniques-8c1b38d5ef9b</a><a href="https://infosec.exchange/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#threathunting</a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/detectionengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#detectionengineering</a>

Ankit BytecodeIn this video, a student from Craw Security discusses how the Six Month Diploma in Information Security Course enabled him to launch a fulfilling career in the field of cyber security.Want to become a cyber security expert? Enroll now - Visit: <a href="https://www.craw.in/learn-information-security-6-month-diploma-training-program-in-delhi" rel="nofollow noopener" translate="no" target="_blank">https://www.craw.in/learn-information-security-6-month-diploma-training-program-in-delhi</a> Call: +91-9513805401 . . <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#ethicalhacking</a> <a href="https://mastodon.social/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#penetrationtesting</a> <a href="https://mastodon.social/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://mastodon.social/tags/pythonprogramming" class="mention hashtag" rel="nofollow noopener" target="_blank">#pythonprogramming</a> <a href="https://mastodon.social/tags/ethicalhackingindelhi" class="mention hashtag" rel="nofollow noopener" target="_blank">#ethicalhackingindelhi</a> <a href="https://mastodon.social/tags/studentreview" class="mention hashtag" rel="nofollow noopener" target="_blank">#studentreview</a> <a href="https://mastodon.social/tags/students" class="mention hashtag" rel="nofollow noopener" target="_blank">#students</a> <a href="https://mastodon.social/tags/cybersecuritydiploma" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecuritydiploma</a> <a href="https://mastodon.social/tags/CrawSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrawSec</a> <a href="https://mastodon.social/tags/CrawSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrawSecurity</a> <a href="https://mastodon.social/tags/LifeatCraw" class="mention hashtag" rel="nofollow noopener" target="_blank">#LifeatCraw</a> <a href="https://mastodon.social/tags/Craw" class="mention hashtag" rel="nofollow noopener" target="_blank">#Craw</a>

Brian Greenberg🧬 Malware Is Evolving — And So Are the Languages It’s Written In — A new study highlights a growing tactic among malware developers: coding in uncommon languages to evade detection.🔍 Key takeaways: 🔹 Obscure languages like Lisp, Rust, Haskell, Delphi, and Phix are harder for static analysis tools to parse. 🔹 These languages often produce fragmented memory layouts and more indirect execution paths, complicating reverse engineering. 🔹 Even the choice of compiler — like Tiny C or Embarcadero Delphi — impacts how easily malware can be flagged. 🔹 APTs (Advanced Persistent Threats) are increasingly adopting these strategies to fly under the radar.💬 Security teams must broaden their detection capabilities and adapt tooling for these underrepresented programming environments.<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#Programming</a> <a href="https://infosec.exchange/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReverseEngineering</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloud</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://www.theregister.com/2025/03/29/malware_obscure_languages/" rel="nofollow noopener" translate="no" target="_blank">https://www.theregister.com/2025/03/29/malware_obscure_languages/</a>

Christoffer S.(cyfirma.com) Konni RAT Analysis: Multi-Stage Attack Process and Evasion Techniques <a href="https://www.cyfirma.com/research/analysis-of-konni-rat-stealth-persistence-and-anti-analysis-techniques/" rel="nofollow noopener" translate="no" target="_blank">https://www.cyfirma.com/research/analysis-of-konni-rat-stealth-persistence-and-anti-analysis-techniques/</a>Executive Summary: This report provides a comprehensive analysis of Konni RAT, a sophisticated remote access Trojan linked to North Korean cyber espionage group APT37. The malware employs a multi-stage attack process involving batch files, PowerShell scripts, and VBScript to exfiltrate sensitive data and maintain persistence. The attack begins with a zip archive containing a malicious LNK file disguised as a document. The malware exploits Windows Explorer limitations to hide malicious commands and uses obfuscation techniques to evade detection. Key capabilities include data exfiltration from user directories, system information gathering, persistence through registry modifications, and communication with command-and-control servers. The report includes detailed technical analysis of the attack stages, from initial infection to data exfiltration, along with indicators of compromise and YARA detection rules.<a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a> <a href="https://swecyb.com/tags/APT37" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT37</a> <a href="https://swecyb.com/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://swecyb.com/tags/Reversing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Reversing</a>

Pyrzout :vm:Top 3 Cyber Attacks In March 2025 <a href="https://cybersecuritynews.com/top-3-cyber-attacks-in-march-2025/" rel="nofollow noopener" translate="no" target="_blank">https://cybersecuritynews.com/top-3-cyber-attacks-in-march-2025/</a> <a href="https://social.skynetcloud.site/tags/TodayCyberAttackNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#TodayCyberAttackNews</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/CyberAttackToday" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttackToday</a> <a href="https://social.skynetcloud.site/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.skynetcloud.site/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://social.skynetcloud.site/tags/ANY" class="mention hashtag" rel="nofollow noopener" target="_blank">#ANY</a>.RUN <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.skynetcloud.site/tags/whatis" class="mention hashtag" rel="nofollow noopener" target="_blank">#whatis</a> <a href="https://social.skynetcloud.site/tags/Top10" class="mention hashtag" rel="nofollow noopener" target="_blank">#Top10</a>

Sajid Nawaz Khan :donor:For hobbyist Cobalt Strike Beacon collectors, note that the recently announced 4.11 update introduces a number of changes to frustrate Beacon configuration extraction, namely through the new `transform-obfuscate` field.When set, this field can apply multiple layers of encoding, encryption and compression (with some recent Beacons observed with a 32 byte XOR key, configurable upto 2048 bytes!).While still reasonably trivial to decode manually, standard automated workflows (say, through the SentinelOne parser) will now fail, not least because of changes to the well-known field markers.Beacons with these characteristics have thus far been observed with watermarks indicative of licensed instances, though I imagine it is only a matter of time before the 4.11 capabilities become accessible to all manner of miscreants.A sample configuration, via a staged Beacon on 104.42.26[.]200 is attached, including the three distinct XOR keys used to decode it.<a href="https://www.cobaltstrike.com/blog/cobalt-strike-411-shh-beacon-is-sleeping" rel="nofollow noopener" translate="no" target="_blank">https://www.cobaltstrike.com/blog/cobalt-strike-411-shh-beacon-is-sleeping</a><a href="https://infosec.exchange/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#cobaltstrike</a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#forensics</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a>

Sam Bent450+ remote access trojans in one place. The Ultimate RAT Collection is a GitHub repo documenting two decades of malware history. Security research goldmine, if you know what you’re looking at. <a href="https://doingfedtime.com/450-rats-free-ultimate-rat-collection/" rel="nofollow noopener" translate="no" target="_blank">https://doingfedtime.com/450-rats-free-ultimate-rat-collection/</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://mastodon.social/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#ethicalhacking</a>

Red-Team News [AI]RedLine Stealer malware continues to evolve, targeting browser credentials, crypto wallets, and VPNs. Learn how to detect and mitigate this persistent threat with the latest analysis. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://redteamnews.com/blue-team/malware-analysis/redline-stealer-malware-analyzing-the-persistent-data-theft-threat-targeting-credentials/" rel="nofollow noopener" translate="no" target="_blank">https://redteamnews.com/blue-team/malware-analysis/redline-stealer-malware-analyzing-the-persistent-data-theft-threat-targeting-credentials/</a>

Red-Team News [AI]RedLine Stealer malware continues to evolve, targeting browser credentials, crypto wallets, and VPNs. New analysis reveals its infection methods and detection tips. Organizations should prioritize credential rotation and endpoint monitoring. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://redteamnews.com/blue-team/malware-analysis/redline-stealer-malware-analyzing-the-persistent-data-theft-threat-targeting-credentials/" rel="nofollow noopener" translate="no" target="_blank">https://redteamnews.com/blue-team/malware-analysis/redline-stealer-malware-analyzing-the-persistent-data-theft-threat-targeting-credentials/</a>

Red-Team News [AI]New analysis reveals Conti ransomware variant Ransom.Win64.CONTI.AA still threatens Windows systems with hybrid encryption & network propagation. Key detection methods and mitigation strategies for defenders. <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://redteamnews.com/blue-team/malware-analysis/ransom-win64-conti-aa-analyzing-the-persistent-conti-ransomware-threat/" rel="nofollow noopener" translate="no" target="_blank">https://redteamnews.com/blue-team/malware-analysis/ransom-win64-conti-aa-analyzing-the-persistent-conti-ransomware-threat/</a>

Red-Team News [AI]New analysis: Ransom.MSIL.EGOGEN.THEBBBC is a low-profile but persistent ransomware. It disables Task Manager, avoids VMs, and selectively encrypts files. Key IoCs and YARA rules for detection included. <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://redteamnews.com/blue-team/malware-analysis/ransom-msil-egogen-thebbbc-analyzing-a-low-risk-but-persistent-ransomware-threat/" rel="nofollow noopener" translate="no" target="_blank">https://redteamnews.com/blue-team/malware-analysis/ransom-msil-egogen-thebbbc-analyzing-a-low-risk-but-persistent-ransomware-threat/</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨FLARE's FLOSS is a tool that extracts strings from malware, even if they're obfuscated. Unlike standard tools, FLOSS uses emulation and decoding techniques to identify hidden strings, making it invaluable for reverse engineers. It bridges gaps where simple static analysis falls short. <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener" target="_blank">#reversing</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> 👉 <a href="https://github.com/fireeye/flare-floss" rel="nofollow noopener" translate="no" target="_blank">https://github.com/fireeye/flare-floss</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

LavX NewsDollyWay Malware Campaign Breaches 20,000 WordPress Sites: A Deep Dive into Cybersecurity ThreatsThe DollyWay malware campaign has compromised over 20,000 WordPress sites, evolving into a sophisticated redirection system that poses significant risks to both users and site administrators. As cyber...<a href="https://news.lavx.hu/article/dollyway-malware-campaign-breaches-20000-wordpress-sites-a-deep-dive-into-cybersecurity-threats" rel="nofollow noopener" target="_blank">https://news.lavx.hu/article/dollyway-malware-campaign-breaches-20000-wordpress-sites-a-deep-dive-into-cybersecurity-threats</a><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#news</a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://mastodon.cloud/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberThreats</a> <a href="https://mastodon.cloud/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://mastodon.cloud/tags/WordPressSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#WordPressSecurity</a>

malwr4n6Unlock the power of Mac Evaluation Tool for macOS DFIR and Malware Analysis 🚀 Discover valuable insights and accelerate your investigations! Learn more at <a href="https://www.malwr4n6.com/post/mac-evaluation-tool-for-macos-dfir" rel="nofollow noopener" translate="no" target="_blank">https://www.malwr4n6.com/post/mac-evaluation-tool-for-macos-dfir</a> <a href="https://mastodon.social/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a> <a href="https://mastodon.social/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/macos" class="mention hashtag" rel="nofollow noopener" target="_blank">#macos</a> <a href="https://mastodon.social/tags/apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#apple</a> <a href="https://mastodon.social/tags/digitalforenics" class="mention hashtag" rel="nofollow noopener" target="_blank">#digitalforenics</a> <a href="https://mastodon.social/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#incidentresponse</a>

Tedi HeriyantoIntroduction to YARA: <a href="https://blog.ecapuano.com/p/introduction-to-yara" rel="nofollow noopener" translate="no" target="_blank">https://blog.ecapuano.com/p/introduction-to-yara</a><a href="https://infosec.exchange/tags/yara" class="mention hashtag" rel="nofollow noopener" target="_blank">#yara</a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#threathunting</a>

Baker Street ForensicsMalChela Updates: New Features and EnhancementsIt’s been just over a week since <a href="https://github.com/dwmetz/MalChela" rel="nofollow noopener" target="_blank">MalChela</a> was initially released and already here have been a number of updates.mStringsIn the previous post, I walked through the new <a href="https://bakerstreetforensics.com/2025/03/09/mstrings-a-practical-approach-to-malware-string-analysis/" rel="nofollow noopener" target="_blank">mStrings</a> function. I think this is one of my favorites so far. It extracts strings from a file and uses Sigma rules defined in YAML against the strings to evaluate threats and align results to the MITRE ATT&CK framework.For fun I pointed it at an old WannaCry sample . I had a proud papa moment at the positive network IOC detection. Check for UpdatesNext came a function to automatically check the GitHub repo for updates and encourage a git pull to grab the latest… because apparently I can’t stop myself and this project will just keep growing, as my sleep keeps dwindling. Personally I found it ironic that you have to update in order to get the update telling you that updates are available… but it will work for all future updates as they come. So go ahead and update why don’t you.Screenshot of MalChela indicating an update is available via git.New File Analyzer moduleMost recently a File Analyzer module has been added. Give it the path to your suspect file and it will return back:<ul><li>SHA-256 Hash</li><li>Entropy (<7.5=high)</li><li>A RegEx detection for packing (mileage may vary)</li><li>PE Header info if it’s a PE</li><li>File Metadata</li><li>Yara Matches (any rules in yara_rules folder in workspace)</li><li>If there’s a positive match for the hash on VirusTotal (leverages the same key as previously in MalChela with the Virus Total / Malware Bazaar lookup)</li></ul>Lastly, you’re given the option of whether or not you want to run strings on the file, or return to the main menu.I really like the idea of using this as a possible first step in static analysis. Run this first and opt for strings. Things look interesting there, throw it into mStrings. Positive match on VirusTotal – use the malware hash lookup and get a more detailed analysis. Use the results from mStrings to craft a YARA rule and add it to your repo for future detections. <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/dfir/" target="_blank">#DFIR</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/entropy/" target="_blank">#Entropy</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/hash/" target="_blank">#Hash</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/malware/" target="_blank">#Malware</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/malware-analysis/" target="_blank">#MalwareAnalysis</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/pe/" target="_blank">#PE</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/rust/" target="_blank">#Rust</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/virustotal/" target="_blank">#VirusTotal</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://bakerstreetforensics.com/tag/yara/" target="_blank">#yara</a>

The DefendOps DiariesMassJacker Malware: A Sophisticated Threat to Cryptocurrency Security<a href="https://thedefendopsdiaries.com/massjacker-malware-a-sophisticated-threat-to-cryptocurrency-security/" rel="nofollow noopener" translate="no" target="_blank">https://thedefendopsdiaries.com/massjacker-malware-a-sophisticated-threat-to-cryptocurrency-security/</a><a href="https://infosec.exchange/tags/massjacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#massjacker</a> <a href="https://infosec.exchange/tags/cryptocurrencytheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocurrencytheft</a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/clipboardhijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#clipboardhijacking</a>

Gregg Jaskiewiczit's not smart to leave symbols in your binaries. Especially if you want to keep others from changing them. <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a>

malwr4n6🔍 Understanding <a href="https://mastodon.social/tags/macos" class="mention hashtag" rel="nofollow noopener" target="_blank">#macos</a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> is crucial for any professional today.Check out my in-depth guide on analyzing PKG files to enhance your skills in macOS <a href="https://mastodon.social/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> Analysis: <a href="https://www.malwr4n6.com/post/macos-malware-analysis-pkg-files" rel="nofollow noopener" translate="no" target="_blank">https://www.malwr4n6.com/post/macos-malware-analysis-pkg-files</a><a href="https://mastodon.social/@blacktop" class="u-url mention" rel="nofollow noopener" target="_blank">@blacktop</a> <a href="https://mastodon.social/tags/macosx" class="mention hashtag" rel="nofollow noopener" target="_blank">#macosx</a> <a href="https://mastodon.social/tags/macosmalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#macosmalware</a> <a href="https://mastodon.social/tags/apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#apple</a> <a href="https://mastodon.social/tags/macmalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#macmalware</a> <a href="https://mastodon.social/tags/guide" class="mention hashtag" rel="nofollow noopener" target="_blank">#guide</a> <a href="https://mastodon.social/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#dfir</a>

Recent searches

Search options

Administered by:

Server stats:

#malwareanalysis