TeamTNT Toolkit

Released tonight on VX-Underground was the toolkit TeamTNT used in their Chimaera campaign. Here's an excerpt from VX-Underground: "The files we have received were scripts used by the group TeamTNT in their Chimaera campaign. This campaign has been discussed multiple times by various security vendors and researchers. TrendMicro discussed it here: https://www.trendmicro.com/en_us/research/21/c/teamtnt-continues-attack-on-the-cloud-targets-aws-credentials.html PaloAlto Unit42 discussed it […]


Analyzing a Malicious APK

After hitting roadblocks on a couple of other projects I'm working on, like analyzing firmware from a suspiciously cheap IP camera and analyzing the CAN network in my car, I decided to go back to malware analysis but look at mobile applications instead. So I searched Any.run for APKs and grabbed the first one. Name: VPX.apk […]


Anubis Stealer

I was looking for a .NET malware sample to mess around with dnSpy a bit, so I checked out https://bazaar.abuse.ch. Sure enough, I found one right at the top that was labeled as AgentTesla and Anubis. Note: this is not the Android malware currently making the rounds that shares the same name. Sample info MD5: a9045a197fe0d39fe9d96f3937788f91 […]


[HTB] Omni Write-up

This was a pretty interesting box and ran an OS that I'd never messed with before. As always, we start with an Nmap scan and add the box to our hosts file. We see that it looks like a Windows server, but we never get a proper OS fingerprint for it. After some Googling, […]


[HTB] Blunder Write-up

As always, start off with an Nmap scan. I also tend to use this time to add the box to my hosts file as [box_name].htb. Enumerate the directories of the webpage using Gobuster, dirsearch, wfuzz, etc.:

[+] /about
[+] /0
[+] /admin
[+] /usb
[+] /LICENSE
[+] /todo.txt
[+] /robots.txt

After looking in todo.txt, possible […]


Fuzzy Hashing

I've been doing some more malware analysis in my free time and have started using more techniques, such as fuzzy hashing with SSDEEP and import hashing. It's an easy way to find out what sort of malware an otherwise unknown executable is. Fuzzy hashing with SSDEEP works by hashing through a different algorithm designed for […]
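Import hashing is the simpler of the two techniques mentioned above, and it is worth seeing exactly what gets hashed so you know what it does and does not survive. The block below is an added example, not code from the post or from any analysis tool: it computes a PE import hash the way the published imphash scheme does (lowercase `library.function` entries, the `.dll`/`.ocx`/`.sys` extension stripped, ordinal-only imports resolved through a lookup table, entries joined with commas and MD5'd). The import tables and the ordinal lookup table are constructed for the demo and deliberately tiny; `ORDINAL_NAMES` is an assumption standing in for the full tables a real tool carries.

```python
import hashlib

# Constructed, partial ordinal -> export-name table. Real imphash implementations
# carry the full ws2_32/wsock32 and oleaut32 tables; this subset is an assumption
# that is just enough for the samples below.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 23: "socket"},
    "oleaut32": {2: "SysAllocString", 4: "SysFreeString", 6: "SysStringLen"},
}


def normalize_library(name):
    """Lowercase the DLL name and drop a trailing .dll/.ocx/.sys extension."""
    lib = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def import_entries(imports):
    """Turn [(library, [func_or_ordinal, ...]), ...] into the ordered
    'lib.func' strings that imphash concatenates. Order is preserved on
    purpose: imphash is sensitive to the order of the import table."""
    entries = []
    for lib_name, funcs in imports:
        lib = normalize_library(lib_name)
        for func in funcs:
            if isinstance(func, int):
                # Import by ordinal: resolve to a name if we know it, else ordN.
                name = ORDINAL_NAMES.get(lib, {}).get(func, "ord%d" % func)
            else:
                name = func
            entries.append("%s.%s" % (lib, name.lower()))
    return entries


def imphash(imports):
    """MD5 of the comma-joined import entries, as a 32-char hex string."""
    joined = ",".join(import_entries(imports))
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed sample import tables (not taken from any real binary).
SAMPLE_A = [
    ("KERNEL32.DLL", ["GetProcAddress", "LoadLibraryA"]),
    ("ws2_32.dll", [23, 4]),          # socket, connect by ordinal
    ("OLEAUT32.dll", [2]),            # SysAllocString by ordinal
]

# Same imports, different casing/extension and names instead of ordinals:
# a robust imphash must match SAMPLE_A exactly.
SAMPLE_A_RESTYLED = [
    ("kernel32", ["getprocaddress", "LOADLIBRARYA"]),
    ("WS2_32.DLL", ["socket", "connect"]),
    ("oleaut32", ["SysAllocString"]),
]

# Same imports but the DLLs appear in a different order in the table
# (e.g. after relinking or repacking): imphash changes, which is the main
# caveat of the technique.
SAMPLE_A_REORDERED = [
    ("ws2_32.dll", [23, 4]),
    ("KERNEL32.DLL", ["GetProcAddress", "LoadLibraryA"]),
    ("OLEAUT32.dll", [2]),
]


if __name__ == "__main__":
    for label, table in (("A", SAMPLE_A), ("A restyled", SAMPLE_A_RESTYLED),
                         ("A reordered", SAMPLE_A_REORDERED)):
        print("%-12s %s  %s" % (label, imphash(table), import_entries(table)))
```

Two things to take away when using imphash for clustering: the normalization means two samples whose import tables list the same functions in the same order hash identically regardless of how the names are cased or whether they are imported by ordinal, but the hash is order-sensitive, so a repacked or relinked build of the same code can produce a completely different value. That is why it pairs well with a similarity hash like SSDEEP rather than replacing it.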
