| SHA-256 | Author | Difficulty | Task | | | Date |
|---|---|---|---|---|---|---|
| 060ed0ec27a0a4ad7b55425ed56d8ef0c55aa61b499d4884d1679f18d518ddf3 | struppigel | medium | Find the two webhooks of this stealer and determine the persistence mechanisms. | — | 0 | 23 Mar 2026 |
| 09474277051fc387a9b43f7f08a9bf4f6817c24768719b21f9f7163d9c5c8f74 | struppigel | advanced | PyInstxtractor does not work here. Extract and decrypt all the python code, including the plain "PYZ" archive contents. | 1 | 0 | 01 Feb 2026 |
| 096607aa89ea6f17e5a815a67b94bc245ecbf18a87705e1dec2f1d85f8350e32 | struppigel | advanced | Unpack the virus body of Virut and find the file infection code, figure out:<br>* Which file extensions does it target for infection and what other conditions must be true, e.g., values in the PE headers?<br>* What is the infect marker? | 3 | 0 | 28 Dec 2025 |
| 0ad4f87dfa9b814b78e9db2360a89ea7940fb5ad919637bbaacb1222fb44098d | struppigel | medium | Write an emulation-based unpacker for this crypter. Use the native 32-bit stub and RunPE shellcode. Ignore .NET. | 1 | 0 | 31 Dec 2025 |
| 0b38ca277bbb042d43bd1f17c4e424e167020883526eb2527ba929b2f0990a8f | larsborn | easy | Write a Ghidra script to defeat the code obfuscation in this sample. | 1 | 0 | 13 Jan 2026 |
| 0b38ca277bbb042d43bd1f17c4e424e167020883526eb2527ba929b2f0990a8f | larsborn | medium | Circumvent unnecessary API calls by NOPing them out | 1 | 0 | 05 Jan 2026 |
| 0d7e7c6c1e02f7e5e5d0bf8f191e9d50636e71cabc2b4883d112b0f04da3d9f0 | struppigel | advanced | Write a script or program that deobfuscates the strings and patches the assembly with the deobfuscated strings | 1 | 0 | 26 Dec 2025 |
| 13063a496da7e490f35ebb4f24a138db4551d48a1d82c0c876906a03b8e83e05 | malcat | easy | Extract the next stage download URL | 1 | 0 | 04 Jan 2026 |
| 15180ee9f6a8682b24a0d5cb0491bb4e09d457bfab5a24ec1fcb077dab59773b | malcat | easy | Unpack the payload and identify the final malware family using static analysis. | 1 | 0 | 04 Jan 2026 |
| 161f2a6ecf64dcbbc1616d536cb2ed2e53afc5a4f5deca810b0f55cc82a6b447 | malwarecakefactory | medium | for RE learning | 1 | 1 | 22 Feb 2026 |
| 1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f | struppigel | advanced | Create a static C2 extractor that uses abstract syntax tree transformations with Babel. You can use astexplorer.net as helper tool. | 1 | 0 | 13 Jan 2026 |
| 1c33eef0d22dc54bb2a41af485070612cd4579529e31b63be2141c4be9183eb6 | struppigel | easy | This file has an unusual archive format. Figure out how to extract it. Then debloat the sample and determine how [the next stage](https://samplepedia.cc/sample/c2c466e178b39577912c9ce989cf8a975c574d5febe15ae11a91bbb985ca8d2e/80/) is decrypted or decoded. After that continue analysis of [the next stage](https://samplepedia.cc/sample/c2c466e178b39577912c9ce989cf8a975c574d5febe15ae11a91bbb985ca8d2e/80/). | 1 | 0 | 27 Jan 2026 |
| 20946142795ea4b9fafad9a279e5da0e2f491f567380d7f37570d451f3aa6b8f | struppigel | medium | This sample has multiple layers. Unpack the final one. Determine the malware family of the final payload. | 1 | 0 | 26 Dec 2025 |
| 2299ff9c7e5995333691f3e68373ebbb036aa619acd61cbea6c5210490699bb6 | struppigel | medium | Create a C2 extractor using a Python script, binary refinery pipeline or CyberChef recipe | 1 | 0 | 11 Jan 2026 |
| 277089cb78a9c493cecd8f5fbe70df0577d4f9557fb8b55ff5f7c2505308ca3a | malcat | advanced | Extract the final Dridex downloader payload using static analysis. | 1 | 0 | 04 Jan 2026 |
| 291df8186e62df74b8fcf2c361c6913b9b73e3e864dde58eb63d5c3159a4c32d | malcat | medium | Use emulation and/or static analysis to get to the final malware and extract its configuration | 1 | 1 | 04 Jan 2026 |
| 29325e23a684f782db14a1bf0dc56c65228e666d1f561808413a735000de3515 | struppigel | easy | Where does this file load the next stage from? | 2 | 0 | 20 Jan 2026 |