WriteFile
You observe that the malware is exfiltrating data over FTP. What is the domain it is exfiltrating data to?
What are the threat actor’s credentials?
留意这function call
github_com_jlaffaye_ftp__ptr_ServerConn_Login
NottaHacker:Cle@rtextP@ssword
What file keeps getting written to disk?
keylog.txt
When Janice changed her password, this was captured in a file. What is Janice's username and password?
janice:Password123
What app did Janice have open the last time she ran the "screenshot app"?
见附件中的沙箱运行截图:
https://learn.microsoft.com/en-us/xandr/monetize/buying-microsoft-casual-games-windows-o-o-apps
Solitaire
原文始发于微信公众号(Definite R3dBlue):Loggy - Introduce to reverseing golang binary
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论