Analyse, hunt and classify malware using .NET metadata
March 25, 2024, 7:21 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Introduction
Earlier this week, I ran into a sample that turned out to be PureCrypter, a loader and obfuscator for all different kinds of malware such as Agent Tesla and RedLine.
Upon further investigation, I developed Yara rules for the various stages, which can be found here (excluding the final payload):
- PureZip
- PureCrypter
- 2nd stage downloader (PureLogStealer related)
With that out of the way, all of this reminded me of the fact that we can also write Yara rules …