😈 [ embee_research, Matthew ]
In-depth analysis of a 6-stage #asyncrat #malware loader using #cyberchef + #dnspy🐀
Persistent .lnk -> .py script -> 2nd .py script -> .NET DLL (reflection) -> .NET DLL (injected into msbuild.exe) -> .NET DLL (custom obfuscation) -> .NET .exe (asyncrat)
https://t.co/e2Y5jHOOYy
🔗 https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
🐥 [ tweet ]