I ended an article a couple of months ago with:
> I may analyze the final payload in a future post.

And finally the day has come.
Spoiler: it was not the final payload.

Dissecting PureCrypter: A Technical Malware Analysis
https://0xlibris.net/posts/infection_chain_infostealer_2

#PureCrypter #malware #infosec #reversing #cybersecurity #infostealer #malwareanalysis

Is like postponing another hour the time to go to sleep

An expired vm that restarts every hour is the only notion of time

Yet Another Ridiculous headAche

I'm pretty good at identifying types of headaches

Having fun with php:
https://0xlibris.net/posts/php_botnet

#malware #botnet #php #backdoor

why does like half of all @vncresolver@fedi.computernewb.com screenshots look like this

Paranoia level like: receive a message from a random person on Telegram saying Hi without context and automatically block and reboot the phone

on a day with no ADHD meds, my roommate knocks on the door and is like "a friend got their discord hacked but before I knew it they sent me an EXE and I ran it. am I hacked?"

@JohnHammond I gave up reversing the obfuscated .net binary too :ageblobcat:

An MP3 file as malware!?! Actually an HTA polyglot -- with some clever error handling tricks, slick PowerShell sub sessions, and an annoyingly obfuscated C# .NET assembly across like seven stages of payloads. The song has a good beat, too! https://youtu.be/25NvCdFSkA4

@JohnHammond lol it's the same campaign I analyzed a couple of weeks ago
https://0xlibris.net/posts/infection_chain_infostealer/

@BleepingComputer
Yeah
https://infosec.exchange/@0xlibris/114141059606772648

@mixic Thx! Gimme more layers :ablobcatnomcookie:

Analyzing the Infection Chain of a Stealer Malware

https://0xlibris.net/posts/infection_chain_infostealer/

#malware #cybersecurity #infosec #infostealer #Heracles #captcha #cyberchef

At this point, all WordPress sites are just cdns for malware distribution, right?