Analyzing SCR file
<blockquote data-quote="Sandbox Breaker" data-source="post: 1054753" data-attributes="member: 93976"><p>- This file is a PE/DLL</p><p>- Has a lot of anti-debugging and evasion tactics</p><p>- Invalid Signature</p><p>- Opens channel via 443 to download zip file</p><p>- Writes data to local zip file and deletes itself</p><p>- Bugged out Triage Sandbox Dynamic</p><p>- A lot of TTPs used</p><p>- Could get more into it but lack of time.</p><p>- File shows no GUI, which further indicated their MO to stay hidden.</p><p>- Unique Code</p><p>Verdict: Malicious</p></blockquote>