| SHA256 | Contributor | Difficulty | Task | | | Date |
|---|---|---|---|---|---|---|
| 3045902d7104e67ca88ca54360d9ef5bfe5bec8b575580bc28205ca67eeba96d | malcat | advanced | Extract the next stage payload with static analysis. | 1 | 0 | 04 Jan 2026 |
| 13063a496da7e490f35ebb4f24a138db4551d48a1d82c0c876906a03b8e83e05 | malcat | easy | Extract the next stage download URL. | 1 | 0 | 04 Jan 2026 |
| 15180ee9f6a8682b24a0d5cb0491bb4e09d457bfab5a24ec1fcb077dab59773b | malcat | easy | Unpack the payload and identify the final malware family using static analysis. | 1 | 0 | 04 Jan 2026 |
| 9887f1e95b4e11825941bd207400d1cc1580a7d438969f6c8d8c656551d339e2 | struppigel | easy | Figure out the download URL of this malware with static analysis. | 2 | 0 | 04 Jan 2026 |
| cb21368467bdf0ca8a4cd458f54d684e10da2d43a9c7285e094d39bdc410fb10 | struppigel | medium | Unpack the payload and extract the configuration. This is a second stage file; you find the [first stage here](https://samplepedia.cc/sample/5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30/31/). | 1 | 0 | 04 Jan 2026 |
| 5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30 | struppigel | medium | Deobfuscate this loader such that you get the download URL. | 2 | 0 | 04 Jan 2026 |
| 0ad4f87dfa9b814b78e9db2360a89ea7940fb5ad919637bbaacb1222fb44098d | struppigel | medium | Write an emulation-based unpacker for this crypter. Use the native 32-bit stub and RunPE shellcode. Ignore .NET. | 1 | 0 | 31 Dec 2025 |
| 892834734712fe5bc7a6614be6972de1be2d74ad424ef47b2c701046e4912426 | struppigel | medium | Write a code-based signature with Yara for this sample. | 1 | 0 | 30 Dec 2025 |
| 3d1a4b9e37868f54e7e7eb98aae0203e2c50b2977170e0006cd3cbcb071c6b94 | struppigel | medium | Build a binary refinery pipeline or CyberChef recipe that extracts the download URL from the loader. | 1 | 0 | 29 Dec 2025 |
| 096607aa89ea6f17e5a815a67b94bc245ecbf18a87705e1dec2f1d85f8350e32 | struppigel | advanced | Unpack the virus body of Virut and find the file infection code. Figure out: (1) which file extensions it targets for infection and what other conditions must be true, e.g. values in the PE headers; (2) what the infection marker is. | 3 | 0 | 28 Dec 2025 |
| eee8a68511bd00ff98425cf9e9bd12873a5e742548fe7e2b72add7ff8dbabb24 | struppigel | advanced | Unpack the payload and obtain the C2; bonus points for deobfuscating the AutoIt script. | 1 | 0 | 26 Dec 2025 |
| 20946142795ea4b9fafad9a279e5da0e2f491f567380d7f37570d451f3aa6b8f | struppigel | medium | This sample has multiple layers. Unpack the final one and determine the malware family of the final payload. | 1 | 0 | 26 Dec 2025 |
| 5544e6c66cbf6503cddef2797acbff4fb81ededaef2334a596e6484cfaa0b8e8 | struppigel | medium | Unpack the payload. This can be done either with a debugger or using only static unpacking with binary refinery. Note: the payload is obfuscated with VMProtect; deobfuscating it is not part of the task. | 1 | 0 | 26 Dec 2025 |
| 0d7e7c6c1e02f7e5e5d0bf8f191e9d50636e71cabc2b4883d112b0f04da3d9f0 | struppigel | advanced | Write a script or program that deobfuscates the strings and patches the assembly with the deobfuscated strings. | 1 | 0 | 26 Dec 2025 |
| 482a8b7ead1e07ac728e1e2b9bcf90a26af9b98b15969a3786834d6e81d393cd | struppigel | easy | What's the password for the screenlocker? Extract the code. | 1 | 1 | 26 Dec 2025 |
| aad0a60cb86e3a56bcd356c6559b92c4dc4a1a960f409fb499cf76c9b5409fdb | struppigel | easy | Mark up the sample in Ghidra/IDA/Binary Ninja. | — | 0 | 26 Dec 2025 |
| 3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e | struppigel | medium | This application consists of almost 3000 files. Find proof that the sample is malicious by finding the malicious code. A weird filename with homoglyphs is not enough, nor is behavioral analysis in a sandbox. | 1 | 0 | 26 Dec 2025 |
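The "code-based signature with Yara" task above asks for a rule that matches instruction bytes rather than strings, so that it survives a rebuild with different strings, keys or addresses. The rule below is an added example of that technique and is not a rule for the listed sample nor a solution from the site: the byte sequence is a hypothetical single-byte XOR decryption loop constructed here for illustration. The idea carries over to any sample: keep the opcode and ModRM/SIB bytes, and wildcard the operands that vary between builds (immediates such as the key, displacements, relocated absolute addresses, and short jump distances).

```yara
// Added example, not the samplepedia sample's own code: the hex pattern is
// a constructed x86 XOR decryption loop. Lift the real bytes from the
// sample's unpacking or string-decoding loop and wildcard the same classes
// of operand.
rule example_code_based_xor_loop
{
    meta:
        description = "Code-based signature: opcodes kept, variable operands wildcarded"
        note        = "illustrative pattern, not derived from a specific sample"

    strings:
        // 8A 04 0E           mov  al, [esi+ecx]     ; read encrypted byte
        // 34 ??              xor  al, <imm8>        ; key changes per build  -> wildcard
        // 88 04 0F           mov  [edi+ecx], al     ; write decrypted byte
        // 41                 inc  ecx
        // 3B 0D ?? ?? ?? ??  cmp  ecx, [<disp32>]   ; absolute address, relocated -> wildcard
        // 72 ??              jb   <rel8>            ; distance shifts if the loop is padded -> wildcard
        $xor_loop = { 8A 04 0E 34 ?? 88 04 0F 41 3B 0D ?? ?? ?? ?? 72 ?? }

    condition:
        // MZ header so the rule is only evaluated against PE files
        uint16(0) == 0x5A4D and $xor_loop
}
```

Before shipping such a rule, run it over a clean corpus as well as the sample (for example `yara -r rule.yar /path/to/goodware`): a sequence this short and this generic (a byte-wise XOR loop is common in legitimate code) needs either a longer anchor or a second, more specific string in the condition to keep the false-positive rate acceptable.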