
Mr0x4b

@mr0x4b

Malware researcher & reverse engineer enthusiast

Joined April 2024
Mr0x4b Reposted

🚨 ALERT: Potential ZERO-DAY, Attackers Use Corrupted Files to Evade Detection 🧵 (3/3) ⚠️ Although broken and corrupted, the file remains undetectable by security tools, yet user applications handle it seamlessly due to built-in recovery mechanisms exploited by attackers 🔎…


Mr0x4b Reposted

🚨 ALERT: Potential ZERO-DAY, Attackers Use Corrupted Files to Evade Detection 🧵 (2/3) When analyzing a corrupted file, it is mostly identified as a #ZIP archive or MS Office file 💢 Security solutions attempt to extract its contents, assuming they need to scan the files…


Mr0x4b Reposted

🚨ALERT: Potential ZERO-DAY, Attackers Use Corrupted Files to Evade Detection 🧵 (1/3) ⚠️ The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox The #ANYRUN team…

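Added illustration of the mechanism the three-part thread above describes (not ANY.RUN's code and not a sample from the campaign): an archive damaged enough that a security tool gives up on it, while the consuming application repairs it and shows the user the content. The script builds a constructed DOCX-style ZIP, damages it in one assumed way (it wipes the End of Central Directory signature; the thread does not say which structures the attackers break), shows that a central-directory-driven parser such as Python's zipfile rejects the file, and then carves the members straight from the local file headers, which is what a recovery-minded consumer or a robust scanner can do. Every member name and content below is constructed.

```python
"""Corrupted-archive carving. Added illustration; not the campaign's files."""
import io
import struct
import zipfile
import zlib

LFH_SIG = b"PK\x03\x04"   # local file header
EOCD_SIG = b"PK\x05\x06"  # end of central directory


def build_docx_like(parts: dict) -> bytes:
    """Constructed stand-in for an Office document: a deflated ZIP with the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def corrupt_eocd(data: bytes) -> bytes:
    """Assumed corruption: zero the EOCD signature. Parsers that start from the
    central directory (zipfile included) then refuse the whole file. Truncating the
    file before the central directory is another variant with the same effect."""
    idx = data.rfind(EOCD_SIG)
    if idx < 0:
        raise ValueError("no EOCD record found")
    return data[:idx] + b"\x00" * 4 + data[idx + 4:]


def strict_members(data: bytes):
    """What a central-directory-driven scanner sees: member names, or None if it gives up."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [info.filename for info in zf.infolist()]
    except zipfile.BadZipFile:
        return None


def recover_members(data: bytes) -> dict:
    """Recovery-style walk: ignore the central directory, carve each local file header,
    inflate the member and verify its CRC. Returns {name: bytes}."""
    out = {}
    pos = 0
    while True:
        pos = data.find(LFH_SIG, pos)
        if pos < 0:
            break
        hdr = data[pos + 4:pos + 30]
        if len(hdr) < 26:
            break
        (_ver, flags, method, _time, _date,
         crc, csize, usize, nlen, xlen) = struct.unpack("<HHHHHIIIHH", hdr)
        name_start = pos + 30
        name = data[name_start:name_start + nlen].decode("utf-8", "replace")
        body_start = name_start + nlen + xlen
        if flags & 0x0008:
            # Sizes and CRC live in a trailing data descriptor; locating it is
            # deliberately out of scope for this illustration.
            raise NotImplementedError(f"{name}: data-descriptor streams not handled")
        comp = data[body_start:body_start + csize]
        if method == 0:
            raw = comp
        elif method == 8:
            raw = zlib.decompress(comp, -15)  # raw deflate, no zlib header
        else:
            raise ValueError(f"{name}: unsupported compression method {method}")
        if len(raw) != usize or zlib.crc32(raw) & 0xFFFFFFFF != crc:
            raise ValueError(f"{name}: size/CRC mismatch")
        out[name] = raw
        pos = body_start + csize
    return out


def demo():
    """Returns (what a strict parser sees, what carving recovers) for the damaged file."""
    parts = {  # constructed content, not a real document
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:document>constructed sample text</w:document>",
        "word/vbaProject.bin": b"constructed placeholder, not a real macro",
    }
    damaged = corrupt_eocd(build_docx_like(parts))
    return strict_members(damaged), recover_members(damaged)


if __name__ == "__main__":
    strict, carved = demo()
    print("strict parser:", strict)
    print("carved:", sorted(carved))
```

The practical takeaway: a scanner that stops at BadZipFile has scanned nothing, so treat "unparseable archive" as a finding in its own right and carve the local headers (checking each member's CRC) to inspect the same content the recovering application will present to the user.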

Mr0x4b Reposted

🚨Alert🚨CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability ⚠This Microsoft Outlook vulnerability can be circulated from user to user and doesn't require a click to execute. Rather, execution initiates when an affected email is opened. This is notably dangerous…


Mr0x4b Reposted

🚨 #opendir: 185.101.104[.]92

Fresh opendir loaded with malware. Beware of fake apps impersonating Spotify and Roblox.

For example:
📄 cmdd.exe - #AgentTesla
⬇️
185.101.104[.]92/Built.exe
⬇️
Built.exe - #BLANKGRABBER

🚨 #opendir Alert: 185.101.104[.]92 🚨

@500mk500

Mr0x4b Reposted

GitHub comments abused to push malware via Microsoft repo URLs: "Even if you decide not to post the comment or delete it after it is posted, the files are not deleted from GitHub's CDN, and the download URLs continue to work forever. As the file's URL contains the name of the…


Mr0x4b Reposted

🎯 #Meterpreter #backdoor uses tricky #steganography by filtering image channels in yet another #stegocampaign 🕵 A .NET executable file with a #PowerShell script inside downloads a PNG image from a remote C2 server 📝 #Malware calculates a byte array from image channels by…

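Added illustration of the channel-filtering step the post above describes (not ANY.RUN's code and not the malware's): the loader derives a byte array from the channels of a downloaded PNG, but the exact filter is cut off above. Using only the standard library, the script writes a minimal 8-bit RGB PNG whose blue channel carries a length-prefixed payload, then recovers the payload by reading that single channel back, which is the analyst-side decode you would reproduce. The channel choice, the 4-byte length prefix and the payload text are assumptions, and the PNG encoder/decoder only handles filter type 0, 8-bit RGB, non-interlaced images (the kind this script itself writes).

```python
"""Channel-filter steganography round trip. Added illustration; the real sample's
channel selection and byte-array derivation are not shown on the page."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: length, type, data, CRC32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def encode_png(width: int, height: int, rows) -> bytes:
    """Minimal 8-bit RGB non-interlaced PNG; every scanline uses filter type 0 (None)."""
    raw = b"".join(b"\x00" + bytes(c for px in row for c in px) for row in rows)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def decode_png(data: bytes):
    """Parse the subset encode_png produces; returns (width, height, rows of (r, g, b))."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, width, height, idat = 8, None, None, b""
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in chunk {ctype!r}")
        if ctype == b"IHDR":
            width, height, depth, colour, _comp, _filt, interlace = struct.unpack(">IIBBBBB", body)
            if (depth, colour, interlace) != (8, 2, 0):
                raise ValueError("only 8-bit RGB non-interlaced images handled")
        elif ctype == b"IDAT":
            idat += body
        elif ctype == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = 1 + 3 * width  # filter byte + 3 bytes per pixel
    rows = []
    for y in range(height):
        line = raw[y * stride:(y + 1) * stride]
        if line[0] != 0:
            raise ValueError("only filter type 0 handled")
        rows.append([tuple(line[1 + 3 * x:4 + 3 * x]) for x in range(width)])
    return width, height, rows


def hide_in_channel(payload: bytes, width: int, height: int, channel: int = 2) -> bytes:
    """Attacker side (assumed scheme): 4-byte big-endian length + payload, one byte per
    pixel in the chosen channel (0=R, 1=G, 2=B). The other two channels carry a
    constructed pattern standing in for real cover-image data."""
    blob = struct.pack(">I", len(payload)) + payload
    if len(blob) > width * height:
        raise ValueError("cover image too small for payload")
    blob = blob.ljust(width * height, b"\x00")
    rows, i = [], 0
    for y in range(height):
        row = []
        for x in range(width):
            px = [(x * 7) & 0xFF, (y * 13) & 0xFF, (x ^ y) & 0xFF]
            px[channel] = blob[i]
            i += 1
            row.append(tuple(px))
        rows.append(row)
    return encode_png(width, height, rows)


def extract_from_channel(png: bytes, channel: int = 2) -> bytes:
    """Analyst side: filter one channel into a byte array and read the payload back."""
    _w, _h, rows = decode_png(png)
    ch = bytes(px[channel] for row in rows for px in row)
    (n,) = struct.unpack(">I", ch[:4])
    return ch[4:4 + n]


if __name__ == "__main__":
    stage = b"Write-Host 'constructed stand-in for the embedded stage'"  # not real malware
    img = hide_in_channel(stage, 16, 16)
    print(len(img), "byte PNG; literal grep finds the stage:", b"Write-Host" in img)
    print(extract_from_channel(img))
```

Because the payload bytes are interleaved with two other channels and then deflated, a string search or a YARA rule over the PNG finds nothing; the detection opportunity is in the loader (a .NET binary carrying a PowerShell script that fetches an image and reads pixel data) rather than in the image itself.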

Mr0x4b Reposted

Finally seeing some post-compromise from #SolarMarker, it's been a while 👀
Kudos to @bohansec for retrieving the sample and logs.

🕔 Initial check-in: 146.70.80[.]83
🕤 Backdoor C2: 2.58.15[.]118
🔏 Observed signature: Ameri Mode Inc. (revoked)
🌻 C2 for the stealer and hVNC:…

Mr0x4b Reposted

http://141.11.109.151:8000/ Yikes opendir full with malware


Mr0x4b Reposted

A great depiction of the current state of anti-malware.

I changed a PNG in my app and suddenly Google and Ikarus think my app is a virus. I would like the last 2 hours of my life back. Here's a screenshot of the PNG so you don't get infected.


Mr0x4b Reposted

"YARA is dead, long live YARA-X!" 🎉 After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience. Dive into the details in latest blog post by @plusvic : blog.virustotal.com/2024/05/yara-i…


#wshrat part 2 #malware

SHA256 hash: 3D3B93E744A9FC154A70B6A6B709BE2806598ABB2B00DB8E51FAA55F961F3076

IoC:
46.246.6[.]12 (port 7045)
chongmei33.publicvm[.]com

#wshrat #malware

SHA256 hash: 7e66f9c9c8dbbd79ea3e3a11dc7e902897ffa2bac730d1df3db8e12f09c44722

IoC:
https[:]//electrikar.com[.]mx/wp-includes/Text/mc.js
157.230.6[.]20

#AgentTesla downloader #malware
IoC: http[:]//98.142.254[.]109/rr/Pmhjlkp.dat

Mr0x4b Reposted

Discover how we use Gemini 1.5 Pro to improve malware analysis! Gemini's capability to tackle up to 1 million tokens makes a difference, not only when facing huge macros, but also providing a way to automate analysis of decompiled code, by @bquintero : blog.virustotal.com/2024/04/analyz…


Mr0x4b Reposted

As #malware continues to challenge analysts, so we checked how Gemini 1.5 Pro could help and found that: 🔎 Results were accurate, even with a zero-detection @VirusTotal sample ⏱️ It produced an accurate analysis in less than a minute Learn more: bit.ly/3WjINFq

