Cyber&Ramen

More Cyber, Less Ramen

  • Info-Stealing Tool Posing As Naver OTP

    Info-Stealing Tool Posing As Naver OTP

    Summary SHA256: 3275f42c85c9e2fcb80d1f8c1c6227c2bcde9c0e719905ddbd2ca7373c6a8ec6 Filename: UpHelpers.exe Size: 3.41MB Extension: EXE Compilation Timestamp: 2022-01-05 23:41:20 Sandbox analysis: https://tria.ge/220118-emrgjsgfb7 UpHelpers.exe is an information-stealing/reconnaissance tool disguised as a Naver One Time Password (OTP) generator app. Naver is a South Korean web portal that first debuted in 1999 and offers a number of services. The tool collects drive and directory […]

    Mike

    January 18, 2022
    INFOSEC
    INFOSEC, Malware, NorthKorea
  • Analysis of njRAT PowerPoint Macros

    Analysis of njRAT PowerPoint Macros

    I wanted to do a quick write-up on an interesting PowerPoint macro document that contains njRAT. njRAT is a .NET trojan first identified in 2013 that has largely targeted countries in the Middle East as well as South America. The malicious document can be found via MalwareBazaar: https://bazaar.abuse.ch/sample/edba3ca498110106418658167533034aeb929276fe81de80c6de1a6bb95120e0 Information Gathering When triaging a suspected malicious […]

    Mike

    January 12, 2022
    INFOSEC
    Maldoc, Malware, njRAT
  • A “GULP” of PlugX

    A “GULP” of PlugX

    Often attributed to Chinese-speaking threat actors, PlugX, a remote access trojan (RAT), was identified by security researchers in 2012. Although vendors have identified several variants of the RAT over the years, many of the techniques used to compromise systems have remained the same. While perusing public malware sandboxes for interesting new samples, I stumbled upon a Windows executable […]

    Mike

    January 6, 2022
    INFOSEC
    APT, INFOSEC, PlugX
  • More Flagpro, More Problems

    More Flagpro, More Problems

    No stranger to this blog, BlackTech has continued to modify its techniques to compromise networks and even suffered an OPSEC slip in the form of an open directory. This post will cover a malicious document similar to those identified by [1] PWC and [2] NTT in previous reporting on the group. While I cannot definitively […]

    Mike

    December 12, 2021
    INFOSEC
    APT, BlackTech, Malware
  • BlackTech Updates Elf-Plead Backdoor

    BlackTech Updates Elf-Plead Backdoor

    Overview On November 10, 2020, JPCert[1] published a blog post in Japanese (the English version followed about a week later), providing an overview of BlackTech’s PLEAD backdoor, referred to as “ELF_PLEAD”, specifically targeting *nix systems. In late March 2021, Intezer[2] tweeted a hash of what was described as a fully undetectable (FUD) version of ELF_PLEAD. […]

    Mike

    February 11, 2021
    INFOSEC

Proudly Powered by WordPress
