https://binhex.ninja/ 2025-10-23 Weekly 1.0 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/IMG_1099-200w.avif Saptarshi Laha https://binhex.ninja/img/IMG_1099-400w.avif Saptarshi Laha https://binhex.ninja/img/IMG_1099-200w.webp Saptarshi Laha https://binhex.ninja/img/IMG_1099-400w.webp Saptarshi Laha https://binhex.ninja/img/IMG_1099.png Saptarshi Laha https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-400w.avif Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-800w.avif Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-1200w.avif Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-400w.webp Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-800w.webp Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-1200w.webp Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x.jpeg Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/mal3-400w.avif Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-800w.avif Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-1200w.avif Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-400w.webp Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-800w.webp Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-1200w.webp Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3.jpeg Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal2-400w.avif Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-800w.avif Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-1200w.avif Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-400w.webp Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-800w.webp Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-1200w.webp Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2.jpg Latrodectus: Unweaving the Web https://binhex.ninja/img/mal1-400w.avif Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-800w.avif Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-1200w.avif Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-400w.webp Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-800w.webp Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-1200w.webp Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1.jpeg Koi Loader/Stealer: Part 1 https://binhex.ninja/img/ctf1-400w.avif Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-800w.avif Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-1200w.avif Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-400w.webp Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-800w.webp Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-1200w.webp Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1.jpeg Zero Days CTF (2024) RE - 5 https://binhex.ninja/blogs/ctf-re-blogs.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/ctf1-400w.avif Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-800w.avif Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-1200w.avif Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-400w.webp Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-800w.webp Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1-1200w.webp Zero Days CTF (2024) RE - 5 https://binhex.ninja/img/ctf1.jpeg Zero Days CTF (2024) RE - 5 https://binhex.ninja/blogs/malware-analysis-re-blogs.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-400w.avif Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-800w.avif Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-1200w.avif Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-400w.webp Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-800w.webp Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x-1200w.webp Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x.jpeg Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed https://binhex.ninja/img/mal3-400w.avif Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-800w.avif Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-1200w.avif Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-400w.webp Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-800w.webp Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3-1200w.webp Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal3.jpeg Shell Shocked: The Oyster Backdoor Update https://binhex.ninja/img/mal2-400w.avif Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-800w.avif Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-1200w.avif Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-400w.webp Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-800w.webp Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2-1200w.webp Latrodectus: Unweaving the Web https://binhex.ninja/img/mal2.jpg Latrodectus: Unweaving the Web https://binhex.ninja/img/mal1-400w.avif Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-800w.avif Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-1200w.avif Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-400w.webp Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-800w.webp Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1-1200w.webp Koi Loader/Stealer: Part 1 https://binhex.ninja/img/mal1.jpeg Koi Loader/Stealer: Part 1 https://binhex.ninja/blogs/external-contributions-re-blogs.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/support/support-the-blog.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/Stripe%20Climate%20Badge.svg Stripe Climate https://binhex.ninja/support/current-supporters.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/malcore_new1.svg Malcore https://binhex.ninja/img/triage_new.svg Triage https://binhex.ninja/img/validin_new.svg Validin https://binhex.ninja/img/logo_new.svg Censys https://binhex.ninja/img/abuse_ch_new.svg Abuse.ch https://binhex.ninja/img/RussianPanda%20Research%20Services_new.svg RussianPanda Research Services https://binhex.ninja/extension.html 2025-10-23 Monthly 0.8 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/clickfix-1.avif Figure 1: ClickFix Variant https://binhex.ninja/img/clickfix-1.webp Figure 1: ClickFix Variant https://binhex.ninja/img/clickfix-1.png Figure 1: ClickFix Variant https://binhex.ninja/img/clickfix-2.avif Figure 2: ClickFix Variant https://binhex.ninja/img/clickfix-2.webp Figure 2: ClickFix Variant https://binhex.ninja/img/clickfix-2.png Figure 2: ClickFix Variant https://binhex.ninja/img/clickfix-3.avif Figure 3: ClickFix Variant https://binhex.ninja/img/clickfix-3.webp Figure 3: ClickFix Variant https://binhex.ninja/img/clickfix-3.png Figure 3: ClickFix Variant https://binhex.ninja/img/clickfix-4.avif Figure 4: BinHex.Ninja Security Extension notifying user of a ClickFix Attack https://binhex.ninja/img/clickfix-4.webp Figure 4: BinHex.Ninja Security Extension notifying user of a ClickFix Attack https://binhex.ninja/img/clickfix-4.png Figure 4: BinHex.Ninja Security Extension notifying user of a ClickFix Attack https://binhex.ninja/img/clickfix-5.avif Figure 5: BinHex.Ninja Security Extension successfully blocking a ClickFix Clipboard Attack https://binhex.ninja/img/clickfix-5.webp Figure 5: BinHex.Ninja Security Extension successfully blocking a ClickFix Clipboard Attack https://binhex.ninja/img/clickfix-5.png Figure 5: BinHex.Ninja Security Extension successfully blocking a ClickFix Clipboard Attack https://binhex.ninja/videos/ClickFix-Block-Demo-1.mp4 https://binhex.ninja/img/clickfix-4.png 📹 Demo 1: In-Depth Threat Protection Watch as the extension instantly detects and blocks a ClickFix attack within an iframe element, preventing malicious commands from reaching your clipboard. https://binhex.ninja/videos/ClickFix-Block-Demo-2.mp4 https://binhex.ninja/img/clickfix-5.png 📹 Demo 2: Multi-Layer Protection See the extension's multi-layer defense system in action, where a ClickFix attack served behind a Cloudflare proxy is detected. https://binhex.ninja/ctf-blogs/zero-days-ctf-2024-re-1.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/ctf1.avif ctf image https://binhex.ninja/img/ctf1.webp ctf image https://binhex.ninja/img/ctf1.jpeg ctf image https://binhex.ninja/img/2024-04-05_18h09_11.avif Figure 1: Initial Challenge Sample https://binhex.ninja/img/2024-04-05_18h09_11.webp Figure 1: Initial Challenge Sample https://binhex.ninja/img/2024-04-05_18h09_11.png Figure 1: Initial Challenge Sample https://binhex.ninja/img/2024-04-05_18h21_21.avif Figure 2: Display of unintelligible data when opening the .pyc file in a text editor https://binhex.ninja/img/2024-04-05_18h21_21.webp Figure 2: Display of unintelligible data when opening the .pyc file in a text editor https://binhex.ninja/img/2024-04-05_18h21_21.png Figure 2: Display of unintelligible data when opening the .pyc file in a text editor https://binhex.ninja/img/2024-04-05_18h30_18.avif Figure 3: Depicts the compiled pycdc.exe binary https://binhex.ninja/img/2024-04-05_18h30_18.webp Figure 3: Depicts the compiled pycdc.exe binary https://binhex.ninja/img/2024-04-05_18h30_18.png Figure 3: Depicts the compiled pycdc.exe binary https://binhex.ninja/img/2024-04-05_18h21_21%20%281%29.avif Figure 4: Illustrates the decompiled mystery.pyc https://binhex.ninja/img/2024-04-05_18h21_21%20%281%29.webp Figure 4: Illustrates the decompiled mystery.pyc https://binhex.ninja/img/2024-04-05_18h21_21%20%281%29.png Figure 4: Illustrates the decompiled mystery.pyc https://binhex.ninja/img/2024-04-05_18h21_21%20%282%29.avif Figure 5: Displays the decoded flag output achieved through CyberChef https://binhex.ninja/img/2024-04-05_18h21_21%20%282%29.webp Figure 5: Displays the decoded flag output achieved through CyberChef https://binhex.ninja/img/2024-04-05_18h21_21%20%282%29.png Figure 5: Displays the decoded flag output achieved through CyberChef https://binhex.ninja/ctf-blogs/zero-days-ctf-2024-re-3.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/ctf1.avif ctf image https://binhex.ninja/img/ctf1.webp ctf image https://binhex.ninja/img/ctf1.jpeg ctf image https://binhex.ninja/img/2024-04-05_18h21_21%20%289%29.avif Figure 1: Depicts the third file, named ‘ ZeroDaysGame.tar.gz ’ https://binhex.ninja/img/2024-04-05_18h21_21%20%289%29.webp Figure 1: Depicts the third file, named ‘ ZeroDaysGame.tar.gz ’ https://binhex.ninja/img/2024-04-05_18h21_21%20%289%29.png Figure 1: Depicts the third file, named ‘ ZeroDaysGame.tar.gz ’ https://binhex.ninja/img/2024-04-05_18h21_21%20%2810%29.avif Figure 2: Illustrates the contents of the .tar.gz archive after the initial extraction https://binhex.ninja/img/2024-04-05_18h21_21%20%2810%29.webp Figure 2: Illustrates the contents of the .tar.gz archive after the initial extraction https://binhex.ninja/img/2024-04-05_18h21_21%20%2810%29.png Figure 2: Illustrates the contents of the .tar.gz archive after the initial extraction https://binhex.ninja/img/2024-04-05_18h21_21%20%2811%29.avif Figure 3: Illustrates the contents of the .tar archive after extraction https://binhex.ninja/img/2024-04-05_18h21_21%20%2811%29.webp Figure 3: Illustrates the contents of the .tar archive after extraction https://binhex.ninja/img/2024-04-05_18h21_21%20%2811%29.png Figure 3: Illustrates the contents of the .tar archive after extraction https://binhex.ninja/img/2024-04-05_18h21_21%20%2812%29.avif Figure 4: Displays the contents of the extracted folder https://binhex.ninja/img/2024-04-05_18h21_21%20%2812%29.webp Figure 4: Displays the contents of the extracted folder https://binhex.ninja/img/2024-04-05_18h21_21%20%2812%29.png Figure 4: Displays the contents of the extracted folder https://binhex.ninja/img/2024-04-05_18h21_21%20%2813%29.avif Figure 5: Highlights the occurrence of the word " Unity " multiple times within the filenames in the folder https://binhex.ninja/img/2024-04-05_18h21_21%20%2813%29.webp Figure 5: Highlights the occurrence of the word " Unity " multiple times within the filenames in the folder https://binhex.ninja/img/2024-04-05_18h21_21%20%2813%29.png Figure 5: Highlights the occurrence of the word " Unity " multiple times within the filenames in the folder https://binhex.ninja/img/2024-04-05_18h21_21%20%2814%29.avif Figure 6: Illustrates the interface of AssetStudioGUI https://binhex.ninja/img/2024-04-05_18h21_21%20%2814%29.webp Figure 6: Illustrates the interface of AssetStudioGUI https://binhex.ninja/img/2024-04-05_18h21_21%20%2814%29.png Figure 6: Illustrates the interface of AssetStudioGUI https://binhex.ninja/img/2024-04-05_18h21_21%20%2815%29.avif Figure 7: Depicts the " Load Folder " option within AssetStudioGUI https://binhex.ninja/img/2024-04-05_18h21_21%20%2815%29.webp Figure 7: Depicts the " Load Folder " option within AssetStudioGUI https://binhex.ninja/img/2024-04-05_18h21_21%20%2815%29.png Figure 7: Depicts the " Load Folder " option within AssetStudioGUI https://binhex.ninja/img/2024-04-05_23h18_24%20%281%29.avif Figure 8: Illustrates the “ Asset List ” tab and highlights the “ Text ” asset https://binhex.ninja/img/2024-04-05_23h18_24%20%281%29.webp Figure 8: Illustrates the “ Asset List ” tab and highlights the “ Text ” asset https://binhex.ninja/img/2024-04-05_23h18_24%20%281%29.png Figure 8: Illustrates the “ Asset List ” tab and highlights the “ Text ” asset https://binhex.ninja/img/2024-04-05_23h18_24%20%282%29.avif Figure 9: Depicts the flag within the AssetStudioGUI interface https://binhex.ninja/img/2024-04-05_23h18_24%20%282%29.webp Figure 9: Depicts the flag within the AssetStudioGUI interface https://binhex.ninja/img/2024-04-05_23h18_24%20%282%29.png Figure 9: Depicts the flag within the AssetStudioGUI interface https://binhex.ninja/ctf-blogs/zero-days-ctf-2024-re-2.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/ctf1.avif ctf image https://binhex.ninja/img/ctf1.webp ctf image https://binhex.ninja/img/ctf1.jpeg ctf image https://binhex.ninja/img/2024-04-05_18h21_21%20%283%29.avif Figure 1: Displays the file ‘ chall ’ https://binhex.ninja/img/2024-04-05_18h21_21%20%283%29.webp Figure 1: Displays the file ‘ chall ’ https://binhex.ninja/img/2024-04-05_18h21_21%20%283%29.png Figure 1: Displays the file ‘ chall ’ https://binhex.ninja/img/2024-04-05_18h21_21%20%284%29.avif Figure 2: Illustrates ELF bytes observed in HxD https://binhex.ninja/img/2024-04-05_18h21_21%20%284%29.webp Figure 2: Illustrates ELF bytes observed in HxD https://binhex.ninja/img/2024-04-05_18h21_21%20%284%29.png Figure 2: Illustrates ELF bytes observed in HxD https://binhex.ninja/img/2024-04-05_18h21_21%20%285%29.avif Figure 3: Displays Detect-It-Easy indicating that the binary is packed with UPX https://binhex.ninja/img/2024-04-05_18h21_21%20%285%29.webp Figure 3: Displays Detect-It-Easy indicating that the binary is packed with UPX https://binhex.ninja/img/2024-04-05_18h21_21%20%285%29.png Figure 3: Displays Detect-It-Easy indicating that the binary is packed with UPX https://binhex.ninja/img/2024-04-05_18h21_21%20%286%29.avif Figure 4: Demonstrates the utilization of the UPX unpack command to generate the resulting unpacked binary https://binhex.ninja/img/2024-04-05_18h21_21%20%286%29.webp Figure 4: Demonstrates the utilization of the UPX unpack command to generate the resulting unpacked binary https://binhex.ninja/img/2024-04-05_18h21_21%20%286%29.png Figure 4: Demonstrates the utilization of the UPX unpack command to generate the resulting unpacked binary https://binhex.ninja/img/2024-04-05_18h21_21%20%287%29.avif Figure 5: Depicts the unpacked sample as identified in Detect-It-Easy https://binhex.ninja/img/2024-04-05_18h21_21%20%287%29.webp Figure 5: Depicts the unpacked sample as identified in Detect-It-Easy https://binhex.ninja/img/2024-04-05_18h21_21%20%287%29.png Figure 5: Depicts the unpacked sample as identified in Detect-It-Easy https://binhex.ninja/img/2024-04-05_18h21_21%20%288%29.avif Figure 6: Illustrates the main function of the file in Binary Ninja , highlighting the flag string https://binhex.ninja/img/2024-04-05_18h21_21%20%288%29.webp Figure 6: Illustrates the main function of the file in Binary Ninja , highlighting the flag string https://binhex.ninja/img/2024-04-05_18h21_21%20%288%29.png Figure 6: Illustrates the main function of the file in Binary Ninja , highlighting the flag string https://binhex.ninja/ctf-blogs/zero-days-ctf-2024-re-5.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/ctf1.avif ctf image https://binhex.ninja/img/ctf1.webp ctf image https://binhex.ninja/img/ctf1.jpeg ctf image https://binhex.ninja/img/2024-04-06_22h44_28.avif Figure 1: Illustrates the ' the_kings_secret.zip ' file https://binhex.ninja/img/2024-04-06_22h44_28.webp Figure 1: Illustrates the ' the_kings_secret.zip ' file https://binhex.ninja/img/2024-04-06_22h44_28.png Figure 1: Illustrates the ' the_kings_secret.zip ' file https://binhex.ninja/img/2024-04-06_22h44_28%20%281%29.avif Figure 2: Depicts the contents extracted from the ZIP file https://binhex.ninja/img/2024-04-06_22h44_28%20%281%29.webp Figure 2: Depicts the contents extracted from the ZIP file https://binhex.ninja/img/2024-04-06_22h44_28%20%281%29.png Figure 2: Depicts the contents extracted from the ZIP file https://binhex.ninja/img/2024-04-06_22h44_28%20%282%29.avif Figure 3: Depicts the analysis of the executable file using Detect-It-Easy https://binhex.ninja/img/2024-04-06_22h44_28%20%282%29.webp Figure 3: Depicts the analysis of the executable file using Detect-It-Easy https://binhex.ninja/img/2024-04-06_22h44_28%20%282%29.png Figure 3: Depicts the analysis of the executable file using Detect-It-Easy https://binhex.ninja/img/2024-04-06_22h44_28%20%283%29.avif Figure 4: Illustrates the initial variable declarations observed in the main() function https://binhex.ninja/img/2024-04-06_22h44_28%20%283%29.webp Figure 4: Illustrates the initial variable declarations observed in the main() function https://binhex.ninja/img/2024-04-06_22h44_28%20%283%29.png Figure 4: Illustrates the initial variable declarations observed in the main() function https://binhex.ninja/img/2024-04-06_22h44_28%20%284%29.avif Figure 5: Depicts the first fgets() function encountered in the code https://binhex.ninja/img/2024-04-06_22h44_28%20%284%29.webp Figure 5: Depicts the first fgets() function encountered in the code https://binhex.ninja/img/2024-04-06_22h44_28%20%284%29.png Figure 5: Depicts the first fgets() function encountered in the code https://binhex.ninja/img/2024-04-06_22h44_28%20%285%29.avif Figure 6: Depicts the second fgets() function encountered in the code https://binhex.ninja/img/2024-04-06_22h44_28%20%285%29.webp Figure 6: Depicts the second fgets() function encountered in the code https://binhex.ninja/img/2024-04-06_22h44_28%20%285%29.png Figure 6: Depicts the second fgets() function encountered in the code https://binhex.ninja/img/2024-04-06_22h44_28%20%286%29.avif Figure 7: Depicts the two loops utilized in validating the first and second input strings https://binhex.ninja/img/2024-04-06_22h44_28%20%286%29.webp Figure 7: Depicts the two loops utilized in validating the first and second input strings https://binhex.ninja/img/2024-04-06_22h44_28%20%286%29.png Figure 7: Depicts the two loops utilized in validating the first and second input strings https://binhex.ninja/img/2024-04-06_22h44_28%20%287%29.avif Figure 8: Displays the var_250 array as depicted in the decompiled code https://binhex.ninja/img/2024-04-06_22h44_28%20%287%29.webp Figure 8: Displays the var_250 array as depicted in the decompiled code https://binhex.ninja/img/2024-04-06_22h44_28%20%287%29.png Figure 8: Displays the var_250 array as depicted in the decompiled code https://binhex.ninja/img/2024-04-06_22h44_28%20%288%29.avif Figure 9: Illustrates the decoding of the expected second input string using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%288%29.webp Figure 9: Illustrates the decoding of the expected second input string using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%288%29.png Figure 9: Illustrates the decoding of the expected second input string using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%289%29.avif Figure 10: Displays the var_290 array as depicted in the decompiled code https://binhex.ninja/img/2024-04-06_22h44_28%20%289%29.webp Figure 10: Displays the var_290 array as depicted in the decompiled code https://binhex.ninja/img/2024-04-06_22h44_28%20%289%29.png Figure 10: Displays the var_290 array as depicted in the decompiled code https://binhex.ninja/img/2024-04-06_22h44_28%20%2810%29.avif Figure 11: Illustrates the decoding of the expected first input string using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%2810%29.webp Figure 11: Illustrates the decoding of the expected first input string using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%2810%29.png Figure 11: Illustrates the decoding of the expected first input string using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%2811%29.avif Figure 12: Depicts the data array of the CipherText variable https://binhex.ninja/img/2024-04-06_22h44_28%20%2811%29.webp Figure 12: Depicts the data array of the CipherText variable https://binhex.ninja/img/2024-04-06_22h44_28%20%2811%29.png Figure 12: Depicts the data array of the CipherText variable https://binhex.ninja/img/2024-04-06_22h44_28%20%2812%29.avif Figure 13: Displays the function prototype of the function wrapped by the j_SimpleDecryption() function https://binhex.ninja/img/2024-04-06_22h44_28%20%2812%29.webp Figure 13: Displays the function prototype of the function wrapped by the j_SimpleDecryption() function https://binhex.ninja/img/2024-04-06_22h44_28%20%2812%29.png Figure 13: Displays the function prototype of the function wrapped by the j_SimpleDecryption() function https://binhex.ninja/img/2024-04-06_22h44_28%20%2813%29.avif Figure 14: Depicts the flag obtained through manual decryption using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%2813%29.webp Figure 14: Depicts the flag obtained through manual decryption using CyberChef https://binhex.ninja/img/2024-04-06_22h44_28%20%2813%29.png Figure 14: Depicts the flag obtained through manual decryption using CyberChef https://binhex.ninja/ctf-blogs/zero-days-ctf-2024-re-4.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/ctf1.avif ctf image https://binhex.ninja/img/ctf1.webp ctf image https://binhex.ninja/img/ctf1.jpeg ctf image https://binhex.ninja/img/2024-04-06_00h14_051.avif Figure 1: Illustrates the executable file ‘ acup.exe ’ https://binhex.ninja/img/2024-04-06_00h14_051.webp Figure 1: Illustrates the executable file ‘ acup.exe ’ https://binhex.ninja/img/2024-04-06_00h14_051.png Figure 1: Illustrates the executable file ‘ acup.exe ’ https://binhex.ninja/img/2024-04-06_00h14_05.avif Figure 2: Analysis with Detect-It-Easy reveals the utilization of PyInstaller https://binhex.ninja/img/2024-04-06_00h14_05.webp Figure 2: Analysis with Detect-It-Easy reveals the utilization of PyInstaller https://binhex.ninja/img/2024-04-06_00h14_05.png Figure 2: Analysis with Detect-It-Easy reveals the utilization of PyInstaller https://binhex.ninja/img/2024-04-06_00h14_05%20%281%29.avif Figure 3: Output of pyinstxtractor.py displaying potential entry points https://binhex.ninja/img/2024-04-06_00h14_05%20%281%29.webp Figure 3: Output of pyinstxtractor.py displaying potential entry points https://binhex.ninja/img/2024-04-06_00h14_05%20%281%29.png Figure 3: Output of pyinstxtractor.py displaying potential entry points https://binhex.ninja/img/2024-04-06_00h14_05%20%282%29.avif Figure 4: Directory generated by pyinstxtractor.py https://binhex.ninja/img/2024-04-06_00h14_05%20%282%29.webp Figure 4: Directory generated by pyinstxtractor.py https://binhex.ninja/img/2024-04-06_00h14_05%20%282%29.png Figure 4: Directory generated by pyinstxtractor.py https://binhex.ninja/img/2024-04-06_00h14_05%20%283%29.avif Figure 5: Python bytecode (.pyc) file extracted by pyinstxtractor.py https://binhex.ninja/img/2024-04-06_00h14_05%20%283%29.webp Figure 5: Python bytecode (.pyc) file extracted by pyinstxtractor.py https://binhex.ninja/img/2024-04-06_00h14_05%20%283%29.png Figure 5: Python bytecode (.pyc) file extracted by pyinstxtractor.py https://binhex.ninja/img/2024-04-06_00h14_05%20%284%29.avif Figure 6: Represents the file selected for analysis https://binhex.ninja/img/2024-04-06_00h14_05%20%284%29.webp Figure 6: Represents the file selected for analysis https://binhex.ninja/img/2024-04-06_00h14_05%20%284%29.png Figure 6: Represents the file selected for analysis https://binhex.ninja/img/2024-04-06_00h14_05%20%285%29.avif Figure 7: Illustrates the decompilation output of the ‘ acup.pyc ’ file using pycdc.exe https://binhex.ninja/img/2024-04-06_00h14_05%20%285%29.webp Figure 7: Illustrates the decompilation output of the ‘ acup.pyc ’ file using pycdc.exe https://binhex.ninja/img/2024-04-06_00h14_05%20%285%29.png Figure 7: Illustrates the decompilation output of the ‘ acup.pyc ’ file using pycdc.exe https://binhex.ninja/img/2024-04-06_00h14_05%20%286%29.avif Figure 8: Illustrates the expected input string for the second condition in the code https://binhex.ninja/img/2024-04-06_00h14_05%20%286%29.webp Figure 8: Illustrates the expected input string for the second condition in the code https://binhex.ninja/img/2024-04-06_00h14_05%20%286%29.png Figure 8: Illustrates the expected input string for the second condition in the code https://binhex.ninja/img/2024-04-06_00h14_05%20%287%29.avif Figure 9: Illustrates the base64 encoding of the expected input string https://binhex.ninja/img/2024-04-06_00h14_05%20%287%29.webp Figure 9: Illustrates the base64 encoding of the expected input string https://binhex.ninja/img/2024-04-06_00h14_05%20%287%29.png Figure 9: Illustrates the base64 encoding of the expected input string https://binhex.ninja/img/2024-04-06_00h14_05%20%288%29.avif Figure 10: Displays the output flag https://binhex.ninja/img/2024-04-06_00h14_05%20%288%29.webp Figure 10: Displays the output flag https://binhex.ninja/img/2024-04-06_00h14_05%20%288%29.png Figure 10: Displays the output flag https://binhex.ninja/malware-analysis-blogs/amos-stealer-atomic-stealer-malware.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x.avif ctf image https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x.webp ctf image https://binhex.ninja/img/OIG1-topaz-text-sharpen-lighting-upscale-3.4x.jpeg ctf image https://binhex.ninja/img/CleanShot%202024-12-25%20at%2020.03.01@2x.avif Figure 1: Displays the .DMG file that is downloaded by an unsuspecting user https://binhex.ninja/img/CleanShot%202024-12-25%20at%2020.03.01@2x.webp Figure 1: Displays the .DMG file that is downloaded by an unsuspecting user https://binhex.ninja/img/CleanShot%202024-12-25%20at%2020.03.01@2x.png Figure 1: Displays the .DMG file that is downloaded by an unsuspecting user https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.27.33@2x.avif Figure 2: Displays the installer prompts guiding the user to install the malicious application https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.27.33@2x.webp Figure 2: Displays the installer prompts guiding the user to install the malicious application https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.27.33@2x.png Figure 2: Displays the installer prompts guiding the user to install the malicious application https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.28.42@2x.avif Figure 3: Demonstrates right-clicking the application to open it in a text editor for further inspection https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.28.42@2x.webp Figure 3: Demonstrates right-clicking the application to open it in a text editor for further inspection https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.28.42@2x.png Figure 3: Demonstrates right-clicking the application to open it in a text editor for further inspection https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.28.56@2x.avif Figure 4: Displays the base64-encoded script https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.28.56@2x.webp Figure 4: Displays the base64-encoded script https://binhex.ninja/img/CleanShot%202024-12-22%20at%2023.28.56@2x.png Figure 4: Displays the base64-encoded script https://binhex.ninja/img/CleanShot%202024-12-25%20at%2020.52.01@2x.avif Figure 5: Displays the decoded script https://binhex.ninja/img/CleanShot%202024-12-25%20at%2020.52.01@2x.webp Figure 5: Displays the decoded script https://binhex.ninja/img/CleanShot%202024-12-25%20at%2020.52.01@2x.png Figure 5: Displays the decoded script https://binhex.ninja/img/CleanShot%202024-12-25%20at%2021.02.08@2x.avif Figure 6: Displays the contents of the RVS folder, including the hidden .RVS file https://binhex.ninja/img/CleanShot%202024-12-25%20at%2021.02.08@2x.webp Figure 6: Displays the contents of the RVS folder, including the hidden .RVS file https://binhex.ninja/img/CleanShot%202024-12-25%20at%2021.02.08@2x.png Figure 6: Displays the contents of the RVS folder, including the hidden .RVS file https://binhex.ninja/img/CleanShot%202024-12-31%20at%2019.47.52@2x.avif Figure 7: Depicts a decompiled code snippet highlighting a custom base64 alphabet, two large hexadecimal strings, operations performed on these str... https://binhex.ninja/img/CleanShot%202024-12-31%20at%2019.47.52@2x.webp Figure 7: Depicts a decompiled code snippet highlighting a custom base64 alphabet, two large hexadecimal strings, operations performed on these str... https://binhex.ninja/img/CleanShot%202024-12-31%20at%2019.47.52@2x.png Figure 7: Depicts a decompiled code snippet highlighting a custom base64 alphabet, two large hexadecimal strings, operations performed on these str... https://binhex.ninja/img/CleanShot%202024-12-31%20at%2021.17.28@2x.avif Figure 8: Depicts the “from hexadecimal” that is applied on the hexadecimal strings https://binhex.ninja/img/CleanShot%202024-12-31%20at%2021.17.28@2x.webp Figure 8: Depicts the “from hexadecimal” that is applied on the hexadecimal strings https://binhex.ninja/img/CleanShot%202024-12-31%20at%2021.17.28@2x.png Figure 8: Depicts the “from hexadecimal” that is applied on the hexadecimal strings https://binhex.ninja/img/CleanShot%202024-12-31%20at%2021.47.26@2x.avif Figure 9: Depicts the base64 decode operation that is applied on the previous output string using the custom alphabet https://binhex.ninja/img/CleanShot%202024-12-31%20at%2021.47.26@2x.webp Figure 9: Depicts the base64 decode operation that is applied on the previous output string using the custom alphabet https://binhex.ninja/img/CleanShot%202024-12-31%20at%2021.47.26@2x.png Figure 9: Depicts the base64 decode operation that is applied on the previous output string using the custom alphabet https://binhex.ninja/img/CleanShot%202025-01-01%20at%2015.43.03@2x.avif Figure 10: Depicts the invocation of two _system commands in the decompiled code https://binhex.ninja/img/CleanShot%202025-01-01%20at%2015.43.03@2x.webp Figure 10: Depicts the invocation of two _system commands in the decompiled code https://binhex.ninja/img/CleanShot%202025-01-01%20at%2015.43.03@2x.png Figure 10: Depicts the invocation of two _system commands in the decompiled code https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.48.38@2x.avif Figure 11: Depicts the malware prompting the user to enter their password, masquerading as a System Preferences request https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.48.38@2x.webp Figure 11: Depicts the malware prompting the user to enter their password, masquerading as a System Preferences request https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.48.38@2x.png Figure 11: Depicts the malware prompting the user to enter their password, masquerading as a System Preferences request https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.58.25x@2x.avif Figure 12: Depicts the malware-related files and folders that are created during execution https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.58.25x@2x.webp Figure 12: Depicts the malware-related files and folders that are created during execution https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.58.25x@2x.png Figure 12: Depicts the malware-related files and folders that are created during execution https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.56.29@2x.avif Figure 13: Shows the network packets from the malware's attempt to connect to its C2 server for data exfiltration https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.56.29@2x.webp Figure 13: Shows the network packets from the malware's attempt to connect to its C2 server for data exfiltration https://binhex.ninja/img/CleanShot%202025-01-01%20at%2016.56.29@2x.png Figure 13: Shows the network packets from the malware's attempt to connect to its C2 server for data exfiltration https://binhex.ninja/img/CleanShot%202025-01-01%20at%2019.19.00@2x.avif Figure 14: Illustrates the hosts identified using the aforementioned query https://binhex.ninja/img/CleanShot%202025-01-01%20at%2019.19.00@2x.webp Figure 14: Illustrates the hosts identified using the aforementioned query https://binhex.ninja/img/CleanShot%202025-01-01%20at%2019.19.00@2x.png Figure 14: Illustrates the hosts identified using the aforementioned query https://binhex.ninja/img/CleanShot%202025-01-01%20at%2019.22.42@2x.avif Figure 15: Displays the IPs identified with a red spike, signifying those confirmed to be directly associated with the AMOS Stealer campaign https://binhex.ninja/img/CleanShot%202025-01-01%20at%2019.22.42@2x.webp Figure 15: Displays the IPs identified with a red spike, signifying those confirmed to be directly associated with the AMOS Stealer campaign https://binhex.ninja/img/CleanShot%202025-01-01%20at%2019.22.42@2x.png Figure 15: Displays the IPs identified with a red spike, signifying those confirmed to be directly associated with the AMOS Stealer campaign https://binhex.ninja/malware-analysis-blogs/koi-loader-koi-stealer-malware.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/mal1.avif koi image https://binhex.ninja/img/mal1.webp koi image https://binhex.ninja/img/mal1.jpeg koi image https://binhex.ninja/img/Untitled%2BDiagram.drawio%2B%284%29.avif Figure 1: Illustrates the infection chain of the Koi Loader/Koi Stealer campaign https://binhex.ninja/img/Untitled%2BDiagram.drawio%2B%284%29.webp Figure 1: Illustrates the infection chain of the Koi Loader/Koi Stealer campaign https://binhex.ninja/img/Untitled%2BDiagram.drawio%2B%284%29.png Figure 1: Illustrates the infection chain of the Koi Loader/Koi Stealer campaign https://binhex.ninja/img/GKWCdHDXEAAmvWa.avif Figure 2: Brad's depiction of the step-by-step process of the infected ZIP download from the perspective of an unsuspecting user https://binhex.ninja/img/GKWCdHDXEAAmvWa.webp Figure 2: Brad's depiction of the step-by-step process of the infected ZIP download from the perspective of an unsuspecting user https://binhex.ninja/img/GKWCdHDXEAAmvWa.png Figure 2: Brad's depiction of the step-by-step process of the infected ZIP download from the perspective of an unsuspecting user https://binhex.ninja/img/2024-04-07_17h48_49.avif Figure 3: Illustrates the malicious ZIP file, disguised as a Chase Bank statement https://binhex.ninja/img/2024-04-07_17h48_49.webp Figure 3: Illustrates the malicious ZIP file, disguised as a Chase Bank statement https://binhex.ninja/img/2024-04-07_17h48_49.png Figure 3: Illustrates the malicious ZIP file, disguised as a Chase Bank statement https://binhex.ninja/img/2024-04-07_17h48_49%20%281%29.avif Figure 4: Depicts the LNK file impersonating a PDF document https://binhex.ninja/img/2024-04-07_17h48_49%20%281%29.webp Figure 4: Depicts the LNK file impersonating a PDF document https://binhex.ninja/img/2024-04-07_17h48_49%20%281%29.png Figure 4: Depicts the LNK file impersonating a PDF document https://binhex.ninja/img/2024-04-07_17h48_49%20%282%29.avif Figure 5: Illustrates the malicious command line associated with the LNK file https://binhex.ninja/img/2024-04-07_17h48_49%20%282%29.webp Figure 5: Illustrates the malicious command line associated with the LNK file https://binhex.ninja/img/2024-04-07_17h48_49%20%282%29.png Figure 5: Illustrates the malicious command line associated with the LNK file https://binhex.ninja/img/2024-04-07_17h48_49%20%283%29.avif Figure 6: Depicts the downloaded malicious BAT file https://binhex.ninja/img/2024-04-07_17h48_49%20%283%29.webp Figure 6: Depicts the downloaded malicious BAT file https://binhex.ninja/img/2024-04-07_17h48_49%20%283%29.png Figure 6: Depicts the downloaded malicious BAT file https://binhex.ninja/img/2024-04-07_17h48_49%20%284%29.avif Figure 7: Illustrates the batch script contained within the malicious BAT file https://binhex.ninja/img/2024-04-07_17h48_49%20%284%29.webp Figure 7: Illustrates the batch script contained within the malicious BAT file https://binhex.ninja/img/2024-04-07_17h48_49%20%284%29.png Figure 7: Illustrates the batch script contained within the malicious BAT file https://binhex.ninja/img/2024-04-07_17h48_49%20%285%29.avif Figure 8: Depicts the downloaded malicious JS file https://binhex.ninja/img/2024-04-07_17h48_49%20%285%29.webp Figure 8: Depicts the downloaded malicious JS file https://binhex.ninja/img/2024-04-07_17h48_49%20%285%29.png Figure 8: Depicts the downloaded malicious JS file https://binhex.ninja/img/2024-04-07_17h48_49%20%286%29.avif Figure 9: Illustrates the obfuscated contents of the JS file https://binhex.ninja/img/2024-04-07_17h48_49%20%286%29.webp Figure 9: Illustrates the obfuscated contents of the JS file https://binhex.ninja/img/2024-04-07_17h48_49%20%286%29.png Figure 9: Illustrates the obfuscated contents of the JS file https://binhex.ninja/img/2024-04-07_17h48_49%20%287%29.avif Figure 10: Illustrates the downloaded malicious PowerShell scripts https://binhex.ninja/img/2024-04-07_17h48_49%20%287%29.webp Figure 10: Illustrates the downloaded malicious PowerShell scripts https://binhex.ninja/img/2024-04-07_17h48_49%20%287%29.png Figure 10: Illustrates the downloaded malicious PowerShell scripts https://binhex.ninja/img/2024-04-07_17h48_49%20%288%29.avif Figure 11: Illustrates the script contained within agent1.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%288%29.webp Figure 11: Illustrates the script contained within agent1.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%288%29.png Figure 11: Illustrates the script contained within agent1.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%289%29.avif Figure 12: Displays the values of variables $c and $f as set by agent1.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%289%29.webp Figure 12: Displays the values of variables $c and $f as set by agent1.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%289%29.png Figure 12: Displays the values of variables $c and $f as set by agent1.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%2810%29.avif Figure 13: Illustrates the script contained within agent3.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%2810%29.webp Figure 13: Illustrates the script contained within agent3.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%2810%29.png Figure 13: Illustrates the script contained within agent3.ps1 https://binhex.ninja/img/2024-04-07_17h48_49%20%2811%29.avif Figure 14: Depicts an endeavor to analyze the shellcode statically https://binhex.ninja/img/2024-04-07_17h48_49%20%2811%29.webp Figure 14: Depicts an endeavor to analyze the shellcode statically https://binhex.ninja/img/2024-04-07_17h48_49%20%2811%29.png Figure 14: Depicts an endeavor to analyze the shellcode statically https://binhex.ninja/img/2024-04-07_23h06_14.avif Figure 15: Displays the remote executable referenced in agent3.ps1 https://binhex.ninja/img/2024-04-07_23h06_14.webp Figure 15: Displays the remote executable referenced in agent3.ps1 https://binhex.ninja/img/2024-04-07_23h06_14.png Figure 15: Displays the remote executable referenced in agent3.ps1 https://binhex.ninja/img/2024-04-07_23h06_14%20%281%29.avif Figure 16: On the left, the decryption function is highlighted, while on the right, the XOR key is highlighted https://binhex.ninja/img/2024-04-07_23h06_14%20%281%29.webp Figure 16: On the left, the decryption function is highlighted, while on the right, the XOR key is highlighted https://binhex.ninja/img/2024-04-07_23h06_14%20%281%29.png Figure 16: On the left, the decryption function is highlighted, while on the right, the XOR key is highlighted https://binhex.ninja/img/2024-04-07_23h06_14%20%282%29.avif Figure 17: On the left, the decryption function is highlighted, while on the right, the starting point of the encrypted data is highlighted https://binhex.ninja/img/2024-04-07_23h06_14%20%282%29.webp Figure 17: On the left, the decryption function is highlighted, while on the right, the starting point of the encrypted data is highlighted https://binhex.ninja/img/2024-04-07_23h06_14%20%282%29.png Figure 17: On the left, the decryption function is highlighted, while on the right, the starting point of the encrypted data is highlighted https://binhex.ninja/img/2024-04-07_23h06_14%20%283%29.avif Figure 18: Demonstrates the execution of the Python script against the sample, resulting in the dumping of a clean PE file along with the printed U... https://binhex.ninja/img/2024-04-07_23h06_14%20%283%29.webp Figure 18: Demonstrates the execution of the Python script against the sample, resulting in the dumping of a clean PE file along with the printed U... https://binhex.ninja/img/2024-04-07_23h06_14%20%283%29.png Figure 18: Demonstrates the execution of the Python script against the sample, resulting in the dumping of a clean PE file along with the printed U... https://binhex.ninja/img/2024-04-07_23h06_14%20%284%29.avif Figure 19: Displays the clean PE output generated from the execution of the Python script against the loader binary https://binhex.ninja/img/2024-04-07_23h06_14%20%284%29.webp Figure 19: Displays the clean PE output generated from the execution of the Python script against the loader binary https://binhex.ninja/img/2024-04-07_23h06_14%20%284%29.png Figure 19: Displays the clean PE output generated from the execution of the Python script against the loader binary https://binhex.ninja/img/2024-04-07_23h06_14%20%285%29.avif Figure 20: Displays the download script of two additional payloads, namely sd4.ps1 and sd2.ps1 orchestrated by a PowerShell script https://binhex.ninja/img/2024-04-07_23h06_14%20%285%29.webp Figure 20: Displays the download script of two additional payloads, namely sd4.ps1 and sd2.ps1 orchestrated by a PowerShell script https://binhex.ninja/img/2024-04-07_23h06_14%20%285%29.png Figure 20: Displays the download script of two additional payloads, namely sd4.ps1 and sd2.ps1 orchestrated by a PowerShell script https://binhex.ninja/img/2024-04-07_23h06_14%20%286%29.avif Figure 21: Illustrates the two final payloads utilized by the malware https://binhex.ninja/img/2024-04-07_23h06_14%20%286%29.webp Figure 21: Illustrates the two final payloads utilized by the malware https://binhex.ninja/img/2024-04-07_23h06_14%20%286%29.png Figure 21: Illustrates the two final payloads utilized by the malware https://binhex.ninja/malware-analysis-blogs/oyster-backdoor-cleanuploader-malware.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/mal3.avif oyster image https://binhex.ninja/img/mal3.webp oyster image https://binhex.ninja/img/mal3.jpeg oyster image https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B14.22.58@2x.avif Figure 1: Depicts the malicious signed executables, including their icons and the associated signer name https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B14.22.58@2x.webp Figure 1: Depicts the malicious signed executables, including their icons and the associated signer name https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B14.22.58@2x.png Figure 1: Depicts the malicious signed executables, including their icons and the associated signer name https://binhex.ninja/img/unnamed.avif Figure 2: An example of a malicious sponsored advertisement on Google Search Credits - MalwareBytes https://binhex.ninja/img/unnamed.webp Figure 2: An example of a malicious sponsored advertisement on Google Search Credits - MalwareBytes https://binhex.ninja/img/unnamed.png Figure 2: An example of a malicious sponsored advertisement on Google Search Credits - MalwareBytes https://binhex.ninja/img/Figure-1---Fake-Microsoft-Teams-Website.avif Figure 3: An example of a malicious Teams website Credits - Rapid7 https://binhex.ninja/img/Figure-1---Fake-Microsoft-Teams-Website.webp Figure 3: An example of a malicious Teams website Credits - Rapid7 https://binhex.ninja/img/Figure-1---Fake-Microsoft-Teams-Website.png Figure 3: An example of a malicious Teams website Credits - Rapid7 https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B16.22.26@2x.avif Figure 4: Depicts malicious executables I analysed that are associated with the same signer https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B16.22.26@2x.webp Figure 4: Depicts malicious executables I analysed that are associated with the same signer https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B16.22.26@2x.png Figure 4: Depicts malicious executables I analysed that are associated with the same signer https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B14.46.00@2x%20%281%29.avif Figure 5: Depicts all the executables being analysed are signed by the same signer https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B14.46.00@2x%20%281%29.webp Figure 5: Depicts all the executables being analysed are signed by the same signer https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B14.46.00@2x%20%281%29.png Figure 5: Depicts all the executables being analysed are signed by the same signer https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B16.57.52@2x.avif Figure 6: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B16.57.52@2x.webp Figure 6: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B16.57.52@2x.png Figure 6: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.40.26@2x.avif Figure 7: Depicts the decoded C2 IP addresses observed in the Chrome.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.40.26@2x.webp Figure 7: Depicts the decoded C2 IP addresses observed in the Chrome.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.40.26@2x.png Figure 7: Depicts the decoded C2 IP addresses observed in the Chrome.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.04.30@2x.avif Figure 8: Depicts the repeating 0x04 pattern observed in the Teams1.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.04.30@2x.webp Figure 8: Depicts the repeating 0x04 pattern observed in the Teams1.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.04.30@2x.png Figure 8: Depicts the repeating 0x04 pattern observed in the Teams1.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.12.52@2x.avif Figure 9: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.12.52@2x.webp Figure 9: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.12.52@2x.png Figure 9: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.21.18@2x.avif Figure 10: Depicts the repeating 0x95 pattern observed in the Edge.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.21.18@2x.webp Figure 10: Depicts the repeating 0x95 pattern observed in the Edge.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B17.21.18@2x.png Figure 10: Depicts the repeating 0x95 pattern observed in the Edge.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.47.53@2x.avif Figure 11: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.47.53@2x.webp Figure 11: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.47.53@2x.png Figure 11: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.54.38@2x.avif Figure 12: Depicts the repeating 0x81 pattern observed in the Teams3.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.54.38@2x.webp Figure 12: Depicts the repeating 0x81 pattern observed in the Teams3.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.54.38@2x.png Figure 12: Depicts the repeating 0x81 pattern observed in the Teams3.exe binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.59.46@2x.avif Figure 13: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.59.46@2x.webp Figure 13: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B18.59.46@2x.png Figure 13: Depicts the C2 IP addresses, DLL names, imported functions, as well as the PowerShell and system reconnaissance commands observed in the... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.28.55@2x.avif Figure 14: Displays the .rsrc section of the Teams2.exe binary, which contains two resources—one being the legitimate Teams binary and the other a ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.28.55@2x.webp Figure 14: Displays the .rsrc section of the Teams2.exe binary, which contains two resources—one being the legitimate Teams binary and the other a ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.28.55@2x.png Figure 14: Displays the .rsrc section of the Teams2.exe binary, which contains two resources—one being the legitimate Teams binary and the other a ... https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.23.00@2x.avif Figure 15: Displays the Microsoft-signed Teams binary on the left and the unsigned backdoor binary details on the right https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.23.00@2x.webp Figure 15: Displays the Microsoft-signed Teams binary on the left and the unsigned backdoor binary details on the right https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.23.00@2x.png Figure 15: Displays the Microsoft-signed Teams binary on the left and the unsigned backdoor binary details on the right https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.41.55@2x.avif Figure 16: Depicts the repeating 0x7F pattern observed in the backdoor binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.41.55@2x.webp Figure 16: Depicts the repeating 0x7F pattern observed in the backdoor binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.41.55@2x.png Figure 16: Depicts the repeating 0x7F pattern observed in the backdoor binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.47.03@2x.avif Figure 17: Depicts the C2 IP addresses, DLL names, imported functions, as well as the system reconnaissance commands observed in the backdoor binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.47.03@2x.webp Figure 17: Depicts the C2 IP addresses, DLL names, imported functions, as well as the system reconnaissance commands observed in the backdoor binary https://binhex.ninja/img/CleanShot%2B2024-09-15%2Bat%2B19.47.03@2x.png Figure 17: Depicts the C2 IP addresses, DLL names, imported functions, as well as the system reconnaissance commands observed in the backdoor binary https://binhex.ninja/malware-analysis-blogs/latrodectus-malware.html 2025-10-23 Weekly 0.5 https://binhex.ninja/favicons/light_logo.ico BinHex Favicon https://binhex.ninja/img/mal2.avif latrodectus image https://binhex.ninja/img/mal2.webp latrodectus image https://binhex.ninja/img/mal2.jpg latrodectus image https://binhex.ninja/img/p1_0.avif Figure 1: Initial phishing lures utilized by Latrodectus , as depicted on Proofpoint’s blog https://binhex.ninja/img/p1_0.webp Figure 1: Initial phishing lures utilized by Latrodectus , as depicted on Proofpoint’s blog https://binhex.ninja/img/p1_0.jpg Figure 1: Initial phishing lures utilized by Latrodectus , as depicted on Proofpoint’s blog https://binhex.ninja/img/Screenshot%2B2024-04-04%2Bat%2B12.22.45%2BPM.avif Figure 2: An example of an email originating from a contact form, featuring a legal threat and a link to the malicious URL, as illustrated in Proof... https://binhex.ninja/img/Screenshot%2B2024-04-04%2Bat%2B12.22.45%2BPM.webp Figure 2: An example of an email originating from a contact form, featuring a legal threat and a link to the malicious URL, as illustrated in Proof... https://binhex.ninja/img/Screenshot%2B2024-04-04%2Bat%2B12.22.45%2BPM.png Figure 2: An example of an email originating from a contact form, featuring a legal threat and a link to the malicious URL, as illustrated in Proof... https://binhex.ninja/img/Untitled%2BDiagram.drawio.avif Figure 3: Illustrates the latest delivery and execution chain of the Latrodectus malware https://binhex.ninja/img/Untitled%2BDiagram.drawio.webp Figure 3: Illustrates the latest delivery and execution chain of the Latrodectus malware https://binhex.ninja/img/Untitled%2BDiagram.drawio.png Figure 3: Illustrates the latest delivery and execution chain of the Latrodectus malware https://binhex.ninja/img/CleanShot%2B2024-04-28%2Bat%2B23.42.32@2x.avif Figure 4: Displays the PDF file included in the email https://binhex.ninja/img/CleanShot%2B2024-04-28%2Bat%2B23.42.32@2x.webp Figure 4: Displays the PDF file included in the email https://binhex.ninja/img/CleanShot%2B2024-04-28%2Bat%2B23.42.32@2x.png Figure 4: Displays the PDF file included in the email https://binhex.ninja/img/CleanShot%2B2024-04-28%2Bat%2B23.50.13@2x.avif Figure 5: Depicts the opened PDF file, showcasing the download banner and highlighting the embedded external link at the bottom left corner https://binhex.ninja/img/CleanShot%2B2024-04-28%2Bat%2B23.50.13@2x.webp Figure 5: Depicts the opened PDF file, showcasing the download banner and highlighting the embedded external link at the bottom left corner https://binhex.ninja/img/CleanShot%2B2024-04-28%2Bat%2B23.50.13@2x.png Figure 5: Depicts the opened PDF file, showcasing the download banner and highlighting the embedded external link at the bottom left corner https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B00.07.23@2x.avif Figure 6: Illustrates the downloaded malicious JavaScript (JS) file on the user's system https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B00.07.23@2x.webp Figure 6: Illustrates the downloaded malicious JavaScript (JS) file on the user's system https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B00.07.23@2x.png Figure 6: Illustrates the downloaded malicious JavaScript (JS) file on the user's system https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B00.25.45@2x.avif Figure 7: Displays the obfuscated JavaScript (JS) file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B00.25.45@2x.webp Figure 7: Displays the obfuscated JavaScript (JS) file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B00.25.45@2x.png Figure 7: Displays the obfuscated JavaScript (JS) file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.17.23@2x.avif Figure 8: Illustrates sections of the JavaScript (JS) file with uncommented code https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.17.23@2x.webp Figure 8: Illustrates sections of the JavaScript (JS) file with uncommented code https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.17.23@2x.png Figure 8: Illustrates sections of the JavaScript (JS) file with uncommented code https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.28.54@2x.avif Figure 9: Depicts the output from the document after applying the regex https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.28.54@2x.webp Figure 9: Depicts the output from the document after applying the regex https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.28.54@2x.png Figure 9: Depicts the output from the document after applying the regex https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.41.26@2x.avif Figure 10: Depicts the output from the document after applying the regex https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.41.26@2x.webp Figure 10: Depicts the output from the document after applying the regex https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B18.41.26@2x.png Figure 10: Depicts the output from the document after applying the regex https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.08.14@2x.avif Figure 11: Displays the downloaded MSI file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.08.14@2x.webp Figure 11: Displays the downloaded MSI file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.08.14@2x.png Figure 11: Displays the downloaded MSI file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.15.51@2x.avif Figure 12: Illustrates the command line that will be executed post-installation https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.15.51@2x.webp Figure 12: Illustrates the command line that will be executed post-installation https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.15.51@2x.png Figure 12: Illustrates the command line that will be executed post-installation https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.21.09@2x.avif Figure 13: Displays the contents of the MSI file when opened in 7-Zip https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.21.09@2x.webp Figure 13: Displays the contents of the MSI file when opened in 7-Zip https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.21.09@2x.png Figure 13: Displays the contents of the MSI file when opened in 7-Zip https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.27.28@2x.avif Figure 14: Depicts the files obtained after extracting the selected files from the MSI installer and then further extracting the .cab file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.27.28@2x.webp Figure 14: Depicts the files obtained after extracting the selected files from the MSI installer and then further extracting the .cab file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.27.28@2x.png Figure 14: Depicts the files obtained after extracting the selected files from the MSI installer and then further extracting the .cab file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.31.23@2x.avif Figure 15: Depicts the SHA-256 hash of the Binary.viewer.exe file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.31.23@2x.webp Figure 15: Depicts the SHA-256 hash of the Binary.viewer.exe file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B19.31.23@2x.png Figure 15: Depicts the SHA-256 hash of the Binary.viewer.exe file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.10.22@2x.avif Figure 16: Displays the listing of the homi function in Binary Ninja https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.10.22@2x.webp Figure 16: Displays the listing of the homi function in Binary Ninja https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.10.22@2x.png Figure 16: Displays the listing of the homi function in Binary Ninja https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.17.35@2x.avif Figure 17: Displays the listing of the decryption_function , with the important aspects of the function highlighted https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.17.35@2x.webp Figure 17: Displays the listing of the decryption_function , with the important aspects of the function highlighted https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.17.35@2x.png Figure 17: Displays the listing of the decryption_function , with the important aspects of the function highlighted https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.34.46@2x.avif Figure 18: Illustrates the manually generated loader.bin file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.34.46@2x.webp Figure 18: Illustrates the manually generated loader.bin file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.34.46@2x.png Figure 18: Illustrates the manually generated loader.bin file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.38.01@2x.avif Figure 19: Displays the .rsrc section on the right, highlighting the first byte pointed by the argument, with the argument itself highlighted on th... https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.38.01@2x.webp Figure 19: Displays the .rsrc section on the right, highlighting the first byte pointed by the argument, with the argument itself highlighted on th... https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B20.38.01@2x.png Figure 19: Displays the .rsrc section on the right, highlighting the first byte pointed by the argument, with the argument itself highlighted on th... https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.07.26@2x.avif Figure 20: Illustrates the listing of the loader.bin file, with the important aspects of the function highlighted https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.07.26@2x.webp Figure 20: Illustrates the listing of the loader.bin file, with the important aspects of the function highlighted https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.07.26@2x.png Figure 20: Illustrates the listing of the loader.bin file, with the important aspects of the function highlighted https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.23.55@2x.avif Figure 21: Displays the output PE file generated by executing the Python code https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.23.55@2x.webp Figure 21: Displays the output PE file generated by executing the Python code https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.23.55@2x.png Figure 21: Displays the output PE file generated by executing the Python code https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.29.36@2x.avif Figure 22: Illustrates the listing of the _start function in the output binary https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.29.36@2x.webp Figure 22: Illustrates the listing of the _start function in the output binary https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.29.36@2x.png Figure 22: Illustrates the listing of the _start function in the output binary https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.33.45@2x.avif Figure 23: Depicts the PE file present in the data section referenced in the function call https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.33.45@2x.webp Figure 23: Depicts the PE file present in the data section referenced in the function call https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.33.45@2x.png Figure 23: Depicts the PE file present in the data section referenced in the function call https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.40.24@2x.avif Figure 24: Depicts the manually created latro_dumped_1.bin file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.40.24@2x.webp Figure 24: Depicts the manually created latro_dumped_1.bin file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.40.24@2x.png Figure 24: Depicts the manually created latro_dumped_1.bin file https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.42.31@2x.avif Figure 25: Illustrates that no export symbol " scub " was found by Binary Ninja https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.42.31@2x.webp Figure 25: Illustrates that no export symbol " scub " was found by Binary Ninja https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.42.31@2x.png Figure 25: Illustrates that no export symbol " scub " was found by Binary Ninja https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.46.23@2x.avif Figure 26: Displays the different export function names sharing the same function RVA in PE-Bear https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.46.23@2x.webp Figure 26: Displays the different export function names sharing the same function RVA in PE-Bear https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.46.23@2x.png Figure 26: Displays the different export function names sharing the same function RVA in PE-Bear https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.50.32@2x.avif Figure 27: Illustrates Binary Ninja's listing of the " extra " function https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.50.32@2x.webp Figure 27: Illustrates Binary Ninja's listing of the " extra " function https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B22.50.32@2x.png Figure 27: Illustrates Binary Ninja's listing of the " extra " function https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B23.13.04@2x.avif Figure 28: Illustrates the string decryption function in the final Latrodectus binary https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B23.13.04@2x.webp Figure 28: Illustrates the string decryption function in the final Latrodectus binary https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B23.13.04@2x.png Figure 28: Illustrates the string decryption function in the final Latrodectus binary https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B23.45.50@2x.avif Figure 29: Displays a listing of some of the decrypted strings https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B23.45.50@2x.webp Figure 29: Displays a listing of some of the decrypted strings https://binhex.ninja/img/CleanShot%2B2024-04-29%2Bat%2B23.45.50@2x.png Figure 29: Displays a listing of some of the decrypted strings