Lost in Security (and mostly everything else)

Tag: RAT

2020-05-27 Netsupport RAT Malspam

Herbie Zimmerman May 29, 2020 April 30, 2022 Packet Analysis NetSupport, RAT 0

Summary: Yesterday, when reviewing the spam filters, I found an email with a malicious attachment (.slk file) that sets up the system to be infected with what looks to be a NetSupport RAT (based on the information found in the PCAP). I checked the usual OSINT resources (i.e., Hybrid Analysis,…


2019-08-23 WSHRat Javascript de-obfuscation

Herbie Zimmerman August 23, 2019 August 23, 2019 Code Deobfuscating Code, RAT, WshRAT 2

Special thanks to one of my colleagues and @nazywam on Twitter, who helped me with this. The Twitter thread about this can be found here. To obtain the JavaScript file, see the Any.Run link here. The other day (2019-08-20) while looking at caught emails in the SPAM folder, I came…


2019-07-17 AveMaria InfoStealer/RAT with interesting UAC bypass

Herbie Zimmerman July 17, 2019 July 23, 2019 Packet Analysis AveMaria, InfoStealer, RAT, UAC Bypass 0

I came across this sample yesterday via my usual method – the email filters. The email is your pretty standard stuff acting as a proposal for an order. Once you open the zip file, there is an executable. From here, the fun began. For the artifacts/logs/PCAP from this analysis, please…


2018-02-17 Remcos RAT from malspam

Herbie Zimmerman February 18, 2018 February 18, 2018 Packet Analysis RAT, Remcos RAT 0

Earlier this morning I came across some emails that had a subject line that caught my attention. They were all from the same sender and all of them had the same maldoc attached to them. From what I can tell this looks to be related to the REMCOS RAT as…
