Summary FAMOUS CHOLLIMA, active since 2018, is a low-sophistication adversary that almost certainly operates on behalf of the North Korean government (DPRK). The adversary primarily focuses on generatin...
Decoding Ebury Malware SSH Commands
Summary The Ebury malware family plays a role in a much larger multi-malware family operation that has been going on for over 10 years. The ESET company has over a decade of research into this and ...
Extracting out DarkGate malware from MSI
Summary According to Malpedia, DarkGate malware is: “A commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) ...
Golang Reverse Engineering Tips
Summary The following document is a collection of information I discovered while reverse engineering Golang binaries. This is specific to the context of malware and generally speaking, stripped bi...
Reverse Engineering on Windows 11 ARM (Macbook Pro M1/M2)
Summary I have recently purchased the new Macbook Pro M2 Max 16” as I finally wanted to switch over into the ARM world on the desktop. One of my main concerns was around my focus on reverse engine...
Resolving IDA Pro sp-analysis failed Error
Summary IDA Pro does not always get the disassembly and pseudo-C decompilation correct. When it has an issue, it can manifest in several ways, but one thing you may see is a red error message in t...
Switching IDA Pro Python Version
Summary In FlareVM you will likely have many versions of Python installed. Not all of these are going to be compatible with IDA Pro and you may need to switch which version IDA Pro is looking at. ...
Hex-Rays IDA Tips and Tricks
Hex-Rays tips and tricks to IDA Pro Igor Skochinsky of Hex-Rays presents a new IDA Pro tip every week. This is more of a pointer toward a “season 1” compilation of these tips and to the Hex-Rays b...
NPM COA@2.0.3 DanaBot Dropper
Table of Contents Executive Summary Actions leading to a DanaBot secondary payload Visual path of execution What gets dropped? IOCs Technical Analysis ...
Malware Report: CTS
Table of Contents Executive Summary Initial binary Infected binaries MITRE Attack Matrix Indicators of Compromise Threat intel insights Technical Anal...