2022-11-21 | Github (larsborn) | Lars Wallenborn
% Gist holding string-decryption code for Tofsee; the listing files it under the Tofsee family.
@online{wallenborn:20221121:tofsee:8a0c345,
  author       = {Lars Wallenborn},
  title        = {{Tofsee String Decryption Code}},
  organization = {Github (larsborn)},
  date         = {2022-11-21},
  url          = {https://gist.github.com/larsborn/0ec24d7b294248c51de0c3335802cbd4},
  urldate      = {2022-11-25},
  language     = {English},
}
Tofsee String Decryption Code
Tofsee
2021-08-22 | media.ccc.de | Lars Wallenborn
% Entry hosted on media.ccc.de and filed under the DYEPACK family.
% The title is given in English, while the language field says German.
@online{wallenborn:20210822:bangladesh:46f557f,
  author       = {Lars Wallenborn},
  title        = {{The Bangladesh cyber bank robbery: Tracking down major criminals with malware analysis}},
  organization = {media.ccc.de},
  date         = {2021-08-22},
  url          = {https://media.ccc.de/v/froscon2021-2670-der_cyber-bankraub_von_bangladesch},
  urldate      = {2021-09-10},
  language     = {German},
}
The Bangladesh cyber bank robbery: Tracking down major criminals with malware analysis
DYEPACK
2020-08-23 | Nullteilerfrei Blog | Lars Wallenborn
% Blog post on NOP-ing the current selection in Ghidra programmatically;
% the listing files it under the Zlob family.
@online{wallenborn:20200823:programmatically:e6fd043,
  author       = {Lars Wallenborn},
  title        = {{Programmatically NOP the Current Selection in Ghidra}},
  organization = {Nullteilerfrei Blog},
  date         = {2020-08-23},
  url          = {https://blag.nullteilerfrei.de/2020/08/23/programmatically-nop-the-current-selection-in-ghidra/},
  urldate      = {2020-08-24},
  language     = {English},
}
Programmatically NOP the Current Selection in Ghidra
Zlob
2020-06-11 | Nullteilerfrei Blog | Lars Wallenborn
% Blog post on API hashing in Zloader; the listing files it under the Zloader family.
@online{wallenborn:20200611:api:495c8ab,
  author       = {Lars Wallenborn},
  title        = {{API Hashing in the Zloader malware}},
  organization = {Nullteilerfrei Blog},
  date         = {2020-06-11},
  url          = {https://blag.nullteilerfrei.de/2020/06/11/api-hashing-in-the-zloader-malware/},
  urldate      = {2020-08-18},
  language     = {English},
}
API Hashing in the Zloader malware
Zloader
2020-05-31 | Nullteilerfrei Blog | Lars Wallenborn
% Blog post on string obfuscation in the Hamweq IRC bot; the listing files it under the Hamweq family.
@online{wallenborn:20200531:string:53b78a9,
  author       = {Lars Wallenborn},
  title        = {{String Obfuscation in the Hamweq IRC-bot}},
  organization = {Nullteilerfrei Blog},
  date         = {2020-05-31},
  url          = {https://blag.nullteilerfrei.de/2020/05/31/string-obfuscation-in-the-hamweq-irc-bot/},
  urldate      = {2020-06-05},
  language     = {English},
}
String Obfuscation in the Hamweq IRC-bot
Hamweq
2020-05-24 | Nullteilerfrei Blog | Lars Wallenborn
% Blog post on Zloader string obfuscation; the listing files it under the Zloader family.
@online{wallenborn:20200524:zloader:0ce15ba,
  author       = {Lars Wallenborn},
  title        = {{Zloader String Obfuscation}},
  organization = {Nullteilerfrei Blog},
  date         = {2020-05-24},
  url          = {https://blag.nullteilerfrei.de/2020/05/24/zloader-string-obfuscation/},
  urldate      = {2020-05-26},
  language     = {English},
}
Zloader String Obfuscation
Zloader
2020-04-26 | Nullteilerfrei Blog | Lars Wallenborn
% Blog post on decrypting KPOTstealer strings with Ghidra; the listing files it under the KPOT Stealer family.
@online{wallenborn:20200426:use:04235ea,
  author       = {Lars Wallenborn},
  title        = {{use Ghidra to Decrypt Strings of KPOTstealer Malware}},
  organization = {Nullteilerfrei Blog},
  date         = {2020-04-26},
  url          = {https://blag.nullteilerfrei.de/2020/04/26/use-ghidra-to-decrypt-strings-of-kpotstealer-malware/},
  urldate      = {2020-05-05},
  language     = {English},
}
use Ghidra to Decrypt Strings of KPOTstealer Malware
KPOT Stealer
2020-02-02 | Nullteilerfrei Blog | Lars Wallenborn
% Blog post on undoing Sodinokibi/REvil string obfuscation in Ghidra; the listing files it under the REvil family.
@online{wallenborn:20200202:defeating:95aa07e,
  author       = {Lars Wallenborn},
  title        = {{Defeating Sodinokibi/REvil String-Obfuscation in Ghidra}},
  organization = {Nullteilerfrei Blog},
  date         = {2020-02-02},
  url          = {https://blag.nullteilerfrei.de/2020/02/02/defeating-sodinokibi-revil-string-obfuscation-in-ghidra/},
  urldate      = {2020-02-09},
  language     = {English},
}
Defeating Sodinokibi/REvil String-Obfuscation in Ghidra
REvil
2019-11-09 | Lars Wallenborn
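% Blog post on API hashing in Sodinokibi/REvil; the listing files it under the REvil family.
% The organization field was missing here; the value added is the one this
% listing uses for every other blag.nullteilerfrei.de entry.
@online{wallenborn:20191109:apihashing:ec59534,
  author       = {Lars Wallenborn},
  title        = {{API-Hashing in the Sodinokibi/Revil Ransomware - Why and How?}},
  organization = {Nullteilerfrei Blog},
  date         = {2019-11-09},
  url          = {https://blag.nullteilerfrei.de/2019/11/09/api-hashing-why-and-how/},
  urldate      = {2019-12-18},
  language     = {English},
}
API-Hashing in the Sodinokibi/Revil Ransomware - Why and How?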
REvil