This series discuss about Pyrogenic/Qealler which is heavily obfuscated Java based Infostealer but the techniques/methods used in the series can be applied to any Java malware. Part 0x1 start with static analysis of first layer of obfuscation, next part 0x2 you will learn unpacking using Java agent and in the last part 0x3 we find similarity between Qealler/Pyrogenic variants based on static code analysis.
This series cover infection chain of very interesting ransomware with unique infection vector xls -> Excel 4.0 Macro(XLM) -> mshta -> Dropbox url -> hta -> VBScript -> PowerShell -> Dropbox url -> exe . This series uses Ghidra for reversing PE files and uses Sysmon for dynamic analysis.
Part 0x1 start with basics of analysing steps for hta, VBScript & PowerShell, next part 0x2 you will learn about UAC bypass using CMSTPLUA COM interface using Ghidra and in the last part 0x3 we find analyse the binary from WinMain to Parent PID Spoofing technique. This is one of the best sample from which you can learn different techniques.
This video series cover the of deobfuscation of Office Macro and PowerShell used in Emotet infection chain Email ->doc -> Macro -> PowerShell -> exe. Part 0x1 will show you process to analyse obfuscated malicious macro embedded in Emotet downloader office document and next part 0x2 will deobfuscate PowerShell extracted from Macro.
This posts cover the tips/techniques which you can use to speed up your Malware Analysis.
This are the basic posts which you must be knowing for Malware Analysis.
