Loggy - Introduce to reverseing golang binary

2025年2月10日16:33:28评论8 views字数 1337阅读4分27秒阅读模式

Loggy - Introduce to reverseing golang binary

Janice from accounting is beside herself! Shewas contacted by the SOC to tell her that her work credentials were found on the dark web by the threat intel team. We managed to recover some files from her machine and sent them to the our REM analyst.

Loggy - Introduce to reverseing golang binary

What programming language (and version) is this malware written in?

retrieve from string:

Loggy - Introduce to reverseing golang binary

Loggy - Introduce to reverseing golang binary

There are multiple GitHub repos referenced in the static strings. Which GitHub repo would be most likely suggest the ability of this malware to exfiltrate data?

Loggy - Introduce to reverseing golang binary

github.com/jlaffaye/ftp

What dependency, expressed as a GitHub repo, supports Janice’s assertion that she thought she downloaded something that can just take screenshots?

github.com/kbinani/screenshot

Which function call suggests that the malware produces a file after execution?

checking in the IAT

Loggy - Introduce to reverseing golang binary

WriteFile

You observe that the malware is exfiltrating data over FTP. What is the domain it is exfiltrating data to?

Loggy - Introduce to reverseing golang binary

gotthem.htb

What are the threat actor’s credentials?

留意这function call

github_com_jlaffaye_ftp__ptr_ServerConn_Login

Loggy - Introduce to reverseing golang binary

Loggy - Introduce to reverseing golang binary

Loggy - Introduce to reverseing golang binary

发现login函数在main中被调用：

Loggy - Introduce to reverseing golang binary

在调用处可以看到前面有两次入参的操作：

Loggy - Introduce to reverseing golang binary

NottaHacker:Cle@rtextP@ssword

What file keeps getting written to disk?

Loggy - Introduce to reverseing golang binary

Loggy - Introduce to reverseing golang binary

Loggy - Introduce to reverseing golang binary

keylog.txt

When Janice changed her password, this was captured in a file. What is Janice's username and password?

Loggy - Introduce to reverseing golang binary

janice:Password123

What app did Janice have open the last time she ran the "screenshot app"?

见附件中的沙箱运行截图：

Loggy - Introduce to reverseing golang binary

https://learn.microsoft.com/en-us/xandr/monetize/buying-microsoft-casual-games-windows-o-o-apps

Solitaire

原文始发于微信公众号（Definite R3dBlue）：Loggy - Introduce to reverseing golang binary

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫

类似阿里ctf《打卡OK？》非预期字典？

深伪视频揭秘-AI换脸复现与检测

美国空中任务通知系统中断数小时后恢复运营初步判断为硬件问题

DeepSeek AI 大模型在涉网案件聊天记录分析中的实战应用

针对虚拟货币从业人员银狐钓鱼样本分析

长亭一面结果出来了。。。

WiFi 密码破解：技术、工具和高级攻击

长亭实习生一面。。。

网络安全行业老牛马，该如何破局？

加拿大网络安全研究所 | DIDarknet:一种利用深度图像学习检测和表征暗网流量的现代方法

本文由 admin 发表于 2025年2月10日16:33:28
转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出)：
Loggy - Introduce to reverseing golang binaryhttps://cn-sec.com/archives/3690173.html
免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉.

目录

在线咨询

13688888888

8888 QQ在线咨询

微信
本页二维码