Loggy - Introduction to reversing a Golang binary

admin · 2025-02-10 16:33:28 · 8 views · 1337 characters · 4 min 27 s read
Janice from accounting is beside herself! She was contacted by the SOC to tell her that her work credentials were found on the dark web by the threat intel team. We managed to recover some files from her machine and sent them to our REM analyst.

(screenshot)
What programming language (and version) is this malware written in?
Retrieved from the binary's strings:

(screenshots)
There are multiple GitHub repos referenced in the static strings. Which GitHub repo would most likely suggest the ability of this malware to exfiltrate data?

(screenshot)
github.com/jlaffaye/ftp
What dependency, expressed as a GitHub repo, supports Janice’s assertion that she thought she downloaded something that can just take screenshots?
github.com/kbinani/screenshot
Which function call suggests that the malware produces a file after execution?
Checking the imports (IAT):

(screenshot)

WriteFile

You observe that the malware is exfiltrating data over FTP. What is the domain it is exfiltrating data to?

(screenshot)
gotthem.htb

What are the threat actor’s credentials?

Note this function call:

github_com_jlaffaye_ftp__ptr_ServerConn_Login

(screenshots)

The Login function is called from main:

(screenshot)

At the call site you can see two argument-passing operations just before the call:

(screenshot)

NottaHacker:Cle@rtextP@ssword

What file keeps getting written to disk?

(screenshots)

keylog.txt
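The questions above were answered by reading the binary's strings by hand: the Go version marker, the dependency paths such as github.com/jlaffaye/ftp and github.com/kbinani/screenshot, the exfiltration domain and the file name that keeps being written. The Python below is an added example, not code from the original write-up, that makes that triage repeatable. It parses the inline build-info record that Go 1.18+ embeds (the `\xff Go buildinf:` magic, a 32-byte header, uvarint-length-prefixed version and module-info strings, and 16-byte sentinels around the module info), lists the `dep` lines, and then scans printable strings for dotted names, splitting them into hostnames and file names. The sample bytes, the module name `loggy-sample`, the dependency versions, the `h1:` sums and the sentinel values are all constructed for the example; only the magic, header size, inline flag and the `dep<TAB>path<TAB>version<TAB>sum` line format come from Go's own layout.

```python
import re

# Layout constants from Go's debug/buildinfo (real values).
BUILDINFO_MAGIC = b"\xff Go buildinf:"
BUILDINFO_HEADER_SIZE = 32      # 14-byte magic + ptrsize + flags + 16 reserved bytes
FLAG_VERSION_INLINE = 0x02      # Go >= 1.18: version and modinfo stored inline, uvarint-prefixed
SENTINEL_LEN = 16               # modinfo is wrapped in 16-byte start/end markers


def _uvarint(n):
    """Encode n as an unsigned LEB128 varint (only used to build the constructed sample)."""
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def _read_uvarint(data, pos):
    result, shift = 0, 0
    while True:
        b = data[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if b < 0x80:
            return result, pos
        shift += 7


def _read_prefixed(data, pos):
    n, pos = _read_uvarint(data, pos)
    return data[pos:pos + n], pos + n


def parse_buildinfo(blob):
    """Return (go_version, modinfo_text) for an inline-format buildinfo blob, else (None, None)."""
    idx = blob.find(BUILDINFO_MAGIC)
    if idx < 0 or len(blob) < idx + BUILDINFO_HEADER_SIZE:
        return None, None
    if not blob[idx + 15] & FLAG_VERSION_INLINE:
        return None, None  # pre-1.18 pointer layout; not handled by this example
    pos = idx + BUILDINFO_HEADER_SIZE
    version, pos = _read_prefixed(blob, pos)
    modinfo, _ = _read_prefixed(blob, pos)
    # Strip the sentinels by position, the way debug/buildinfo does, after checking that a
    # newline sits just before the trailing marker.
    if len(modinfo) >= 2 * SENTINEL_LEN + 1 and modinfo[-(SENTINEL_LEN + 1)] == 0x0A:
        modinfo = modinfo[SENTINEL_LEN:-SENTINEL_LEN]
    return version.decode("ascii", "replace"), modinfo.decode("utf-8", "replace")


def list_dependencies(modinfo_text):
    """Return [(module_path, version), ...] from the 'dep<TAB>path<TAB>version<TAB>sum' lines."""
    deps = []
    for line in modinfo_text.splitlines():
        fields = line.split("\t")
        if fields[0] == "dep" and len(fields) >= 3:
            deps.append((fields[1], fields[2]))
    return deps


def extract_strings(blob, min_len=6):
    """Printable-ASCII runs, like the strings utility."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


# Dotted name with an alphabetic last label, not embedded in a path or longer token.
_DOTTED = re.compile(r"(?<![\w./-])[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?![\w./-])")
FILE_EXTS = {"txt", "log", "exe", "dll", "dat"}


def find_iocs(blob):
    """Split dotted names found in the strings into candidate hostnames and file names."""
    hostnames, filenames = set(), set()
    for s in extract_strings(blob):
        for token in _DOTTED.findall(s.lower()):
            (filenames if token.rsplit(".", 1)[1] in FILE_EXTS else hostnames).add(token)
    return {"hostnames": sorted(hostnames), "filenames": sorted(filenames)}


def triage(blob):
    version, modinfo = parse_buildinfo(blob)
    report = {"go_version": version, "dependencies": list_dependencies(modinfo or "")}
    report.update(find_iocs(blob))
    return report


# ---- Constructed sample standing in for a stripped Go binary (not the real Loggy sample) ----
MODINFO_TEXT = (
    "path\tloggy-sample\n"
    "mod\tloggy-sample\t(devel)\t\n"
    "dep\tgithub.com/jlaffaye/ftp\tv0.2.0\th1:CONSTRUCTEDSUM=\n"
    "dep\tgithub.com/kbinani/screenshot\tv0.1.0\th1:CONSTRUCTEDSUM=\n"
    "build\t-buildmode=exe\n"
)
_START_SENTINEL = bytes(range(0x80, 0x90))   # constructed; the parser strips by position only
_END_SENTINEL = bytes(range(0x90, 0xA0))
_MODINFO_PAYLOAD = _START_SENTINEL + MODINFO_TEXT.encode() + _END_SENTINEL

SAMPLE_BINARY = (
    b"MZ" + b"\x00" * 30                                              # fake PE header (constructed)
    + BUILDINFO_MAGIC + bytes([8, FLAG_VERSION_INLINE]) + b"\x00" * 16  # 32-byte buildinfo header
    + _uvarint(len(b"go1.21.0")) + b"go1.21.0"                         # constructed version string
    + _uvarint(len(_MODINFO_PAYLOAD)) + _MODINFO_PAYLOAD
    + b"\x00" * 8
    + b"gotthem.htb\x00keylog.txt\x00"                                  # strings seen in the write-up
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_BINARY).items():
        print(f"{key}: {value}")
```

Running it on a real sample means `triage(open(path, "rb").read())`; on a pre-1.18 binary the inline flag is absent and `go_version` comes back `None`, at which point the string scan alone still gives the dependency paths and the candidate domain and file names.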

When Janice changed her password, this was captured in a file. What is Janice's username and password?

(screenshot)

janice:Password123

What app did Janice have open the last time she ran the "screenshot app"?

See the sandbox run screenshot in the attachment:

(screenshot)

https://learn.microsoft.com/en-us/xandr/monetize/buying-microsoft-casual-games-windows-o-o-apps

Solitaire

Originally published on the WeChat public account Definite R3dBlue: Loggy - Introduction to reversing a Golang binary

Disclaimer: the programs (methods) covered in this article may be offensive in nature and are provided solely for security research and teaching. Readers who use this information for any other purpose bear full legal and joint liability; this site bears no legal or joint liability. For questions, contact us by e-mail (a corporate or otherwise valid mailbox is recommended so the message is not filtered; contact details are on the home page).
Posted by admin on 2025-02-10 16:33:28. When reposting, keep the original link (CN-SEC, with thanks to the original author): https://cn-sec.com/archives/3690173.html