Malware Analysis

[ldmd]

Recently, I shifted from working on crackmes to malware analysis. I tried to write a blog covering some aspects, as detailing everything I did would have made it too long. However, I’m not quite satisfied with what I have written. I’d really appreciate it if you could take a look and provide feedback.

Blog: https://www.mblog.pro/blog/malware

The sample I analyzed is from MalwareBazaar, and here is a VirusTotal link:
https://www.virustotal.com/gui/file/3fef5c7fa519f5384de6f61c954ead6dfd4da727005bfec954dc801bd120a938

[sendersu]

hmm
is your site kind of ctf?

https://prnt.sc/xne6zKOkRfXf

[ldmd]

Quote:

Originally Posted by sendersu

hmm
is your site kind of ctf?

https://prnt.sc/xne6zKOkRfXf

Nope, https://prnt.sc/A_2ouiw-OdHf

[JMP-JECXZ]

you need to activate javascript otherwise site is broken.

[ldmd]

Quote:

Originally Posted by JMP-JECXZ

you need to activate javascript otherwise site is broken.

I didn't intend for the blog to be for a js-disabled browser, so sorry.

[tonyweb]

A quick look can be taken if you execute something like the following in your browser console:

Code:

document.querySelectorAll(".animate").forEach( elem => { elem.style.opacity = 1 } );

[sendersu]

@tonyweb - means no JS in my lovely Opera?
I dont remember I've deliberately turned it OFF hm hm

https://prnt.sc/0uUfVEVg9SQT

[tonyweb]

@sendersu
I don't see errors in your screenshot (that warning is there to avoid the average user executing whichever javascript snippet found online, without understanding what it does).

Of course you can do it "manually", locating the suitable "main" child-tag inside page source and unchecking the opacity rule.

https://gcdnb.pbrd.co/images/0nwENvl9sHJU.png