{ ls ./malware-analysis }

Malware Analysis.

In-depth malware analysis and threat research: loaders, stealers and backdoors dissected down to their C2 configs.

Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed
Malware1st January, 2025

Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed

AMOS Stealer (also known as Atomic Stealer) is a sophisticated malware targeting macOS systems. It utilizes advanced encoding/encryption schemes to obfuscate its activities and evade detection. This analysis covers the malware’s C2 communication protocols, detection strategies, and one of the key encoding/encryption methods it employs. This is just one of several active encoding and encryption techniques used by AMOS currently, which contribute to its ongoing effectiveness in avoiding security measures and compromising systems. Understanding these tactics is crucial for enhancing defenses against this evolving threat.

cat writeup.md →
Shell Shocked: The Oyster Backdoor Update
Malware15th September, 2024

Shell Shocked: The Oyster Backdoor Update

In September 2024, a new version of the Oyster Backdoor, also known as CleanUpLoader, was discovered. It spread through fake software downloads via ads on search engines, posing as legitimate applications like Teams, Edge, and Chrome. The malware was linked to a specific company issuing certificates and showed similarities to earlier Oyster campaigns.

cat writeup.md →
Latrodectus: Unweaving the Web
Malware30th April, 2024

Latrodectus: Unweaving the Web

Unlock the secrets of Latrodectus, a cutting-edge loader malware shaking up the cybersecurity world. Explore its evolving delivery tactics, payload execution, and decryption strategies in a detailed analysis. Delve into the inner workings of this sophisticated threat and uncover its hidden complexities.

cat writeup.md →
Koi Loader/Stealer: Part 1
Malware8th April, 2024

Koi Loader/Stealer: Part 1

Part 1 of the overview and analysis of the Koi Loader/Koi Stealer campaign will specifically delve into the initial delivery and loading mechanism. This section will detail the infection chain, behavior of various components, and functionalities of the associated malware. The purpose and function of each script and payload involved in the campaign, such as the batch script, JavaScript file, and PowerShell scripts, will be covered.

cat writeup.md →