#SHELLTER

I missed this one because of ~~beer~~ summer holidays.
Anyway, if you want to see what a Shellter-protected binary looks like:

elastic.co/security-labs/takin

#malware #reverseengineering #shellter

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2025-07-09

Happy Wednesday everyone!

Elastic Security Labs researchers found a bunch of infostealers being spread by adversaries. In the past we have seen other tools like Brute Ratel and CobaltStrike but this time they decided to use a cracked version of #SHELLTER, another offensive security tool (OST). There are TONS of technical details about the tools they used during the investigation into the tool and what artifacts they found. Interestingly they are also releasing a "dynamic unpacker for binaries protected by SHELLTER. This tool leverages a combination of dynamic and static analysis techniques to automatically extract multiple payload stages from a SHELLTER-protected binary." Thought that was a pretty cool add!

Take a read and get all the important details! Enjoy and Happy Hunting!

Taking SHELLTER: a commercial evasion framework abused in-the-wild
elastic.co/security-labs/takin

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
