De-obfuscation – Lost in Security (and mostly everything else)

Posts tagged "De-obfuscation"

2022-02-13 Breaking out the WD40! First Stage Downloader For Remcos RAT

Herbie Zimmerman February 15, 2022 February 14, 2022Code 0

Yeah, this picture sums it up very nicely for me… It has been a while since I have played with any malware or tried to RE a script of some sort. So here goes nothing… This post will cover the downloader script from a Remcos maldoc that I was playing…

2018-09-18 Emotet maldocs labeled as “Invoices”

Herbie Zimmerman September 22, 2018 September 22, 2018Code, Packet Analysis 0

Looking through the email filters in on the 18th of September, I managed to find a small batch of emotet emails from the same sender. The emails themselves tried to spoof email addresses, but Outlook ended up displaying both emails (the spoof and the true sender). Looking through the small…