Reading Between the Lines of Code: Ziraat_Stealer
Malware Analysis, News and Indicators - Latest topics malware.news
Hello everybody! Today I will be conducting an analysis of a .NET information stealer.
MD5 hash: DC4200AC514006F084EAD7F83B84C928
Virus Total Link: VirusTotal
Analysis
Figure: File version/name information
The sample disguises itself as a Data Recovery tool to bypass user detection. It is a 32-bit .NET binary, which means it can be converted back to Intermediate Language (IL) using tools designed for that purpose, dnSpy being a prime example.
Upon closer examination of the binary, …