If you follow my diaries, you probably already know that one of my favorite topics around malware is obfuscation. I’m often impressed by the crazy techniques attackers use to make reverse engineers’ lives more difficult. Last week, I spotted a file called “crypted.bat” (SHA256: 453c017e02e6ce747d605081ad78bf210b3d0004a056d1f65dd1f21c9bf13a9a) which is detected by no antivirus according to VT[1]. It deserved to be investigated!
Article Link: From Highly Obfuscated Batch File to XWorm and Redline - SANS Internet Storm Center