Poking malware one at a time.
This website is dedicated to malware analysis. Over time I will add pages for tools, resources, and in-depth analysis of malware samples.
Latest from the Blog
The purpose of this post is to document the new persistence methods used by Solarmarker. The previous persistence methods were used from July 2021 until May 2022 (read about those here, here and here). Whether this persistence is short lived or is used for the next year, it is my desire to make it publiclyContinue reading “Solarmarker: May 2022 Persistence”
I have often recommended the book Practical Malware Analysis (PMA) by Michael Sikorski and Andrew Honig; however, the book was originally published in 2012 and there have been no updates to the core book, so if I recommend the book, I always have to give caveats regarding the age and the age of some ofContinue reading “Review: Practical Malware Analysis and Triage (PMAT)”
Payload SHA256: c61348ab7e5ffeb9ba5d1077b13c49bde4d841c5ada9aBackdoor SHA256: 0e673eb418c87268aa3bcb262e8e03a3f719a95a8e118ba99515c57c9aa02d38Backdoor C2: 220.127.116.11 Solarmarker (AKA JupyterInfostealer AKA YellowCockatoo AKA Polazert) is still a trending malware. According to Expel.io the malware accounted for 33% of their identified malicious payloads in September 2021. Several companies have published write-ups: they often dig deep and the writeups and detection methods often fall out of dateContinue reading “Solarmarker: by any other name”
Get new content delivered directly to your inbox.