![]() Infection Vector: Trojanized/Fake Crypto-Currency Applications “Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets” ![]() steal personal information from cryptocurrency users" -Intezer ![]() This extensive operation is composed of a full-fledged marketing campaign, custom cryptocurrency-related applications and a new Remote Access Tool (RAT) written from scratch." " we discovered a wide-ranging operation targeting cryptocurrency users, estimated to have initiated in January 2020. Installed (to /usr/bin/lldb) as part of Xcode.Ī “reverse engineering tool (for macOS) that lets you disassemble, decompile and debug your applications” …or malware specimens!ĮlectroRAT is a cross-platform remote “administration” tool (RAT), designed to steal information from cryptocurrency users.ĭownload: OSX.ElectroRAT (password: infect3d)ĮlectroRAT was uncovered by Intezer, who note: The de-facto commandline debugger for macOS. My open-source light weight network monitor. My open-source utility that displays code-signing information, via the UI. My open-source utility that monitors file events (such as creation, modifications, and deletions) providing detailed information about such events. My open-source utility that monitors process creations and terminations, providing detailed information about such events. While there are a myriad of malware analysis tools, these are some of my favorites, and include: Throughout this blog, I reference various tools used in analyzing the malware specimens. What was the purpose of the malware? a backdoor? a cryptocurrency miner? or something more insidious…Īlso, for each malware specimen, I’ve added a direct download link to the malware specimen, case you want to follow along with my analysis or dig into the malware more! □️ Malware Analysis Tools & Tactics How it installed itself, to ensure it would be automatically restarted on reboot/user login. However at the end of this blog, I’ve included a section dedicated to these other threats, that includes a brief overview, and links to detailed write-ups.įor each malicious specimen covered in this post, we’ll identify the malware’s: Adware and/or malware from previous years, are not covered. Cutter - A free and open-source graphical user interface (GUI) for the Radare2 reverse engineering framework, making it more accessible and user-friendly.In this blog post, we focus on new Mac malware specimens or significant new variants that appeared in 2021. ![]() jadx - A decompiler for Android applications (APK files) that converts Dalvik bytecode back to Java source code, enabling analysis of Android apps.Immunity Debugger - A Windows-based debugger that combines a disassembler, debugger, and Python scripting, often used for analyzing malware and vulnerability research.Hopper Disassembler - A macOS and Linux reverse engineering tool that combines a disassembler and decompiler, providing both assembly code and pseudocode representations of binary files.GDB (GNU Debugger) - A powerful and widely used debugger for Linux and Unix systems that supports various programming languages and can be used for reverse engineering purposes.Binary Ninja - A reverse engineering platform that offers a disassembler, decompiler, and other analysis tools, with a focus on automation and extensibility through plugins and scripts.Radare2 supports various architectures and file formats. Radare2 - An open-source suite of tools for reverse engineering, including a disassembler, debugger, hexadecimal editor, and more.OllyDbg - A Windows-based debugger and disassembler that allows the analysis of 32-bit Windows executables, focusing on binary code analysis and runtime debugging.Ghidra - A free and open-source software reverse engineering suite developed by the National Security Agency (NSA) that includes a disassembler, decompiler, and other analysis tools.IDA Pro (Interactive Disassembler) - A powerful disassembler and debugger used for analyzing binary files, providing a graphical interface to examine assembly code and control flow.Here are some popular reverse engineering tools:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |