Tools

Tools e.g. Wireshark, tshark, Strings, CyberChef

Stage 2 PowerShell deobfuscated

Deobfuscate PowerShell using subtract – CyberChef Recipe 0x4

turned_in_notCyberChef, CyberChef Recipe, Infostealer, PowerShell, RedLine
In this quick blog post, we’ll explore the various combination of CyberChef operations e.g Generic code Beautify, Subsection, Fork, Subtract etc. to deobfuscate the second-stage PowerShell script used in the RedLine stealer infection chain. The PowerShell contain multiple array consist of integer. It employs a straightforward function to decode the…
Read More
AsyncRAT CyberChef Recipe last step

AsyncRAT config decryption using CyberChef – Recipe 0x2

turned_in_not.NET, AsyncRAT, Config, CyberChef, CyberChef Recipe, RAT, Remote Access Tool
In the realm of malware analysis, tools like CyberChef play a pivotal role. One of the challenges that malware analysts often face is decrypting configurations of Remote Access Trojans (RATs) like AsyncRAT. This article provides a step-by-step guide on how to decrypt AsyncRAT configurations using CyberChef. Decrypting AsyncRAT ConfigurationsAsyncRAT is…
Read More
Wireshark Filter

Important Wireshark filters

turned_in_notFilter, Video Tutorial, Wireshark
We will look into some of the Wireshark display filters which can be used in malware analysis. We can use this Wireshark display filter after we capture pcap during dynamic malware analysis. Why do we need to do this? Help us to remove the noise from pcap Easy to extract…
Read More
keyboard_arrow_up