Malpedia Library

2024-09-12 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] The Xworm malware is being spread through a phishing email
XWorm

2024-08-10 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Retrieve unknown python stealer from PyInstaller

2024-06-06 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] DarkGate – Make AutoIt Great Again
DarkGate

2024-04-24 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Qakbot 5.0 – Decrypt strings and configuration
QakBot

2024-04-09 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Phishing email distributes WarZone RAT via DBatLoader
Ave Maria DBatLoader

2024-01-06 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Technical Analysis of recent Pikabot Core Module
Pikabot

2023-07-06 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Examining Formbook Campaign via Phishing Emails
Formbook

2023-05-22 ⋅ kienmanowar Blog ⋅ m4n0w4r
[Case study] Decrypt strings using Dumpulator

2023-04-08 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Uncovering Suspected Malware Distributed By Individuals from Vietnam
AsyncRAT DCRat WorldWind

2023-03-25 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Decrypting the C2 configuration of Warzone RAT
Ave Maria

2023-01-09 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Another nice PlugX sample
PlugX

2022-12-27 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
Diving into a PlugX sample of Mustang Panda group
PlugX

2022-12-19 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[Z2A]Bimonthly malware challege – Emotet (Back From the Dead)
Emotet

2022-12-17 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] VidarStealer Analysis
Vidar

2022-06-04 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] CobaltStrike SMB Beacon Analysis
Cobalt Strike

2022-02-24 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Techniques for decrypting BazarLoader strings
BazarBackdoor

2022-01-23 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Emotet epoch4 & epoch5 tactics
Emotet

2021-09-06 ⋅ kienmanowar Blog ⋅ m4n0w4r
Quick analysis CobaltStrike loader and shellcode
Cobalt Strike

2021-08-04 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] MountLocker – Some pseudo-code snippets
Mount Locker

2021-05-11 ⋅ kienmanowar Blog ⋅ m4n0w4r
Quick analysis note about DealPly (Adware)
DealPly

2020-08-16 ⋅ kienmanowar Blog ⋅ m4n0w4r
Manual Unpacking IcedID Write-up
IcedID

2020-06-27 ⋅ kienmanowar Blog ⋅ m4n0w4r
Quick analysis note about GuLoader (or CloudEyE)
CloudEyE