Presented by Tim
Follow me on Twitter
Following on from the malware I investigated earlier in the month, my friend gave me further files so I could continue working out what the malware's function was. See part 1 here. All analysis was performed on a virtual machine, and only details which could have identified the victim have been removed.
What I was given
The first thing he pointed out was that there was over 50MB of the infection.
Update - Part 2
I was asked earlier this week by a friend to have a look at some malware which had been uncovered on a compromised computer. I didn't ask where it had come from, or indeed about the host environment. Having programmed in PHP since university, and with malware analysis being something of a hobby, I thought I would give it a go.
Hi everyone, this is my first blog post so I thought I'd introduce myself:
My name's Brett. I'm currently a security engineer for an MSP where a portion of my job (as well as being a member of the SOC) is to look after the abuse queue, make sure it is dealt with, and ensure that abuse of our services is kept to a minimum. I'm writing this blog post because I see this type of compromise a lot, and I thought I would share my experience of how I've seen it occurring in the wild, in the hope that it will help threat hunters and people in similar roles to discover and deal with such compromises, along with the kind of simple IOCs and data points to look for!