
Facing Issues Reversing Sample ( Dynamic Analysis )

Posted: Sat May 17, 2014 2:05 pm
by slipstream
Hi Guys,

Facing an issue where I have managed to dump unencrypted malware and located some interesting strings but I cannot access the domain that the malware is calling back to. The malware is active and keeps sending SYN packets to the C&C.

I've captured various requests in which the malware is sending GETs and POSTs, probably sending back information about the target. However, all the POST requests look encrypted.

Anyone interested in having a go at this with me?
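As an added illustration of the two observations in the post (POST bodies that "look encrypted", and a strings search over a dumped image), the following helper is not from the thread or the poster: it scores captured POST bodies by Shannon entropy so the "looks encrypted" call can be made with a number instead of by eye, and runs a `strings`-style extraction with a keyword filter over a dump. All sample bodies, the dump bytes, the placeholder password and the `example.invalid` URL are constructed here, and the entropy thresholds are heuristic assumptions, not values from the page.

```python
"""Triage helpers for a dynamic-analysis session: score captured HTTP POST
bodies by Shannon entropy to judge whether they really look encrypted, and
pull printable strings out of a dumped image to locate hardcoded secrets.

All sample data below is constructed for this example; none of it comes
from the sample discussed in the thread.
"""
import base64
import math
import re
from collections import Counter

# Heuristic thresholds (assumptions; tune them against your own corpus):
#   < 5.0 bits/byte : plaintext such as form-encoded key=value pairs
#   5.0 .. 7.2      : encoded text (base64/hex) or mixed binary-and-text
#   >= 7.2          : likely encrypted or compressed payload
PLAINTEXT_MAX = 5.0
ENCODED_MAX = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for an empty buffer, at most 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_payload(data: bytes) -> str:
    """Map an entropy score onto a coarse label for quick triage."""
    e = shannon_entropy(data)
    if e < PLAINTEXT_MAX:
        return "plaintext"
    if e < ENCODED_MAX:
        return "encoded-or-text"
    return "encrypted-or-compressed"


def triage_posts(bodies: dict) -> dict:
    """Return {name: (entropy rounded to 2 places, label)} per POST body."""
    return {name: (round(shannon_entropy(b), 2), classify_payload(b))
            for name, b in bodies.items()}


def extract_strings(blob: bytes, min_len: int = 6) -> list:
    """Equivalent of `strings -n <min_len>` over an in-memory dump:
    runs of min_len or more printable ASCII bytes (0x20..0x7e)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def keyword_hits(strings: list,
                 keywords=("password", "passwd", "http://", "https://")) -> list:
    """Filter extracted strings down to those worth a second look."""
    return [s for s in strings if any(k in s.lower() for k in keywords)]


# Constructed sample POST bodies, as a sandbox proxy would record them.
SAMPLE_POST_BODIES = {
    "post_1": b"id=1234&os=WinXP&ver=5.1&user=admin",   # form-encoded text
    "post_2": base64.b64encode(bytes(range(256))),       # base64-encoded data
    "post_3": bytes(range(256)) * 2,                     # uniform bytes, 8.0 bits
}

# Constructed stand-in for a dumped, unpacked image: a few printable strings
# separated by non-printable bytes. The password and URL are placeholders.
SAMPLE_DUMP = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"Password=PLACEHOLDER_SECRET" + b"\x00\xff\xfe"
    + b"http://example.invalid/gate.php" + b"\x01\x02"
    + b"Mozilla/4.0 (compatible)" + b"\x00" * 4
    + b"ab"  # too short to be reported with the default min_len
)

if __name__ == "__main__":
    for name, (entropy, label) in triage_posts(SAMPLE_POST_BODIES).items():
        print(f"{name}: {entropy:.2f} bits/byte -> {label}")
    for hit in keyword_hits(extract_strings(SAMPLE_DUMP)):
        print("hit:", hit)
```

A body that scores near 8 bits/byte is consistent with encryption or compression but does not distinguish between them; a body in the middle band is often base64 or hex and should be decoded and re-scored before concluding anything. The strings helper only sees contiguous ASCII, so wide (UTF-16) strings common in Windows binaries need a second pattern.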

Re: Facing Issues Reversing Sample ( Dynamic Analysis )

Posted: Sun May 18, 2014 9:54 am
by slipstream
[UPDATE]

Turns out I've discovered more about the malware. It's quite fresh, and it had a detection rate of 0/52 for 2 days until today. I believe I've discovered a hardcoded password string by forcing the real malware to drop and then running a static-analysis strings search.

Anyone willing to help investigate further, I would appreciate it greatly!

Re: Facing Issues Reversing Sample ( Dynamic Analysis )

Posted: Sun May 18, 2014 11:30 am
by EP_X0FF
You already have a thread about the same thing: http://www.kernelmode.info/forum/viewto ... =16&t=3283, no need for multiple.