Tag Archives: Reverse Engineering

SunCrypt, PowerShell obfuscation, shellcode and more yara

Posted on March 28, 2021 by pcsxcetrasupport3

This didn’t start as a blog post. It started as a conversation with Hari Charan @grep_security about something they were looking at called SunCrypt ransomware. Looking up the name I ran across a couple of interesting blog post, one by … Continue reading

Posted in Malware, PowerShell | Tagged , , , , | 1 Comment

Chasing malware down the rabbit hole to see where it goes.

Posted on October 28, 2019 by pcsxcetrasupport3

Lets start this journey with the blog post by Pondurance  titled “777 RANSOMWARE COMBINES WITH TRICKBOT” located here. There is not a whole lot here but it describes 2 layers of shellcode  and some indicator’s and the first is the … Continue reading

Posted in Malware, PowerShell, security | Tagged , , | Comments Off on Chasing malware down the rabbit hole to see where it goes.

A deeper look inside one of the new Emotet Malware Docs

Posted on September 20, 2019 by pcsxcetrasupport3

The sample here comes from a quick search supplied by ANY.RUN @anyrun_app  of #emotet-doc to filter quickly on documents you want to look at. Twitter reference Here and the link to the file we are going to use Here. One … Continue reading

Posted in Malware | Tagged , , , | Comments Off on A deeper look inside one of the new Emotet Malware Docs

A Look under the hood of a batch encrypted file

Posted on November 23, 2018 by pcsxcetrasupport3

The sample in question today is thanks to a Twitter thread by Nick Carr @ItsReallyNick and Daniel Bohannon @danielhbohannon of FireEye located Here about this builder being used to encode batch scripts. After downloading the sample from VirusBay @virusbay_io that … Continue reading

Posted in Malware, Programming, security | Tagged , , | Comments Off on A Look under the hood of a batch encrypted file