Directory Webcams

Analyzing .NET Downloader, Suspicious PowerShell activity and a Curious Open Directory

February 8, 2023 straychat

I recently came across an interesting .NET downloader that displayed odd Powershell activity along with an open directory full of obfuscated files. In this video, we’ll investigate this highly obfuscated .net downloader to discuss techniques to unravel it’s capabilities. We’ll…

I recently came across an interesting .NET downloader that displayed odd Powershell activity along with an open directory full of obfuscated files. In this video, we’ll investigate this highly obfuscated .net downloader to discuss techniques to unravel it’s capabilities. We’ll then look at how it redirects STDIN for the Powershell proceess to a stream buffer to avoid leaving evidence in the logs. And finally, we’ll unravel the Powershell script used to download and decrypt the open directory full of malicious files.

Tools: dnSpyEx, CyberChef

Resources: hXXps://github[.]com/jstrosch/malware-samples/tree/master/binaries/cryptbot/2023/February

Tags: .net analysis, .net downloader, .net malware, .net malware analysis, career, career advancement, cyber, cyber security, cyber tools, cyber training, cybersecurity, dotnet analysis, dotnet malware, Education, educational, encrypted, getting started, help, how-to, incident response, malware, malware analysis, network traffic, obfuscation, opendir, payloads, prep, professional development, remnux, reverse engineering, security tools, Technical, threat analysis, training

Custom kids' coverups by Artisan Shopping Directory member Kailey's Monogram #etsyfinds #etsyseller

Custom kids’ coverups by Artisan Shopping Directory

March 13, 2023 straychat

Local Business Directory - Hatun Business Directory - Free Listing Website

Local Business Directory – Hatun Business Directory – Free Listing Website

March 13, 2023 straychat

14- MCSA 2016 | Active Directory Objects

14- MCSA 2016 | Active Directory Objects

March 13, 2023 straychat