478d992c999a0e93ada1c9aa10644e3abdc207d407492c5bc2710986de4d42be
|
struppigel
|
easy
|
|
Where does this office document get the next stage and how?
When was the document created?
|
—
|
|
0
|
25 Apr 2026
|
57e497bf62138b926d4adab395e0ab64f9f1b606ff9219e0c004fcc5a8348f7a
|
struppigel
|
medium
|
|
Find the code that is responsible for loading the next stage. Figure out the download URL for the next stage with emulation.
|
—
|
|
0
|
17 Mar 2026
|
465dc7a1068d0c7d31b4ffb0a013a59ddd0320dde4389748eed99f41ee0f51ae
|
struppigel
|
medium
|
|
How does this rootkit hide loaded modules of a process? Locate the function that is responsible for that. What's necessary to trigger the module hiding?
|
—
|
|
0
|
21 Feb 2026
|
aad0a60cb86e3a56bcd356c6559b92c4dc4a1a960f409fb499cf76c9b5409fdb
|
struppigel
|
easy
|
|
Markup the sample in Ghidra/IDA/Binary Ninja
|
—
|
|
0
|
26 Dec 2025
|
060ed0ec27a0a4ad7b55425ed56d8ef0c55aa61b499d4884d1679f18d518ddf3
|
struppigel
|
medium
|
|
Find the two webhooks of this stealer and determine the persistence mechanisms.
|
—
|
|
0
|
23 Mar 2026
|
49660527c1c910ad2d3c5625c1b44682e465e45b65883dfc8d7d229d1bd0ebd8
|
struppigel
|
advanced
|
|
Extract the main.js, decompile and deobfuscate it so far that you can see the webhook
|
1
|
|
0
|
07 Mar 2026
|
b0e365c603013751085946ff0500f7d8c0e3c106d3b02c368c2f267279660a6d
|
struppigel
|
medium
|
|
Write a configuration extractor for this loader
|
1
|
|
0
|
28 Feb 2026
|
161f2a6ecf64dcbbc1616d536cb2ed2e53afc5a4f5deca810b0f55cc82a6b447
|
malwarecakefactory
|
medium
|
|
for RE learning
|
1
|
|
1
|
22 Feb 2026
|
95a636c2b3af0bc69cc05f7b32281ff17c58cbe637bec5f8918f7514a5f37e09
|
struppigel
|
easy
|
|
Check out the LNK in this archive. It downloads malware. How does it achieve that?
|
1
|
|
0
|
21 Feb 2026
|
361f20f5843a9d609d42fc17f164eb44ed4f86ae3062e66e978c2c93890f65fd
|
struppigel
|
medium
|
|
LICENSE.txt was run via > %ALLUSERSPROFILE%\Microsoft\AppUpdate\SystemInfo\UsbService86.exe LICENSE.txt
UsbService86.exe has the signer **Python Software Foundation**
Decompile the code, then create a binary refinery pipeline to unpack the next layers.
(CyberChef might be an alternative, but I did not check if it has all necessary algorithms)
|
1
|
|
1
|
23 Jan 2026
|
4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a
|
larsborn
|
medium
|
|
Identify and reverse engineer the string deobfuscation function in this sample. Write a binary refinery pipeline to emulate it. Bonus points if you manage to write a Ghidra script.
|
1
|
|
0
|
13 Jan 2026
|
67f8302a2fd28d15f62d6d20d748bfe350334e5353cbdef112bd1f8231b5599d
|
larsborn
|
medium
|
|
Find and reverse engineer the string deobfuscation function in the sample. Create a binary refinery pipeline to decrypt the strings. Bonus points if you manage to write a Ghidra script to decrypt them all.
|
1
|
|
0
|
13 Jan 2026
|
1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f
|
struppigel
|
advanced
|
|
Create a static C2 extractor that uses abstract syntax tree transformations with Babel. You can use astexplorer.net as helper tool.
|
1
|
|
0
|
13 Jan 2026
|
2299ff9c7e5995333691f3e68373ebbb036aa619acd61cbea6c5210490699bb6
|
struppigel
|
medium
|
|
Create a C2 extractor using a Python script, binary refinery pipeline or CyberChef recipie
|
1
|
|
0
|
11 Jan 2026
|
ee69b74d0f0dd59fcd87304863626efb727ad6255bc29a7d48b7a441390dff1a
|
struppigel
|
medium
|
|
This is packed by CypherIt crypter. Unpack the malware.
Bonus: Extract the config of the payload.
|
1
|
|
0
|
11 Jan 2026
|
7409250e8be3bdcdaa756faff2150b13677ae066e42cefa52844c87451f6f60d
|
struppigel
|
medium
|
|
Extract the InnoSetup script and decode the strings. Figure out the download URL statically.
Afterwards continue with [the next stage](https://samplepedia.cc/sample/e7cf02ad880e8ebb37134c5370189bd2620ce1bf60794aa8776db6ccc4d4f0f7/55/)
|
1
|
|
0
|
09 Jan 2026
|
5f56d5748940e4039053f85978074bde16d64bd5ba97f6f0026ba8172cb29e93
|
larsborn
|
medium
|
|
Find and analyze the string decryption/deobfuscation function. Determine the cryptographic algorithm being used and the memory layout of the encrypted data and key material. Try to emulate it with your tooling of choice, Binary Refinery is a good recommendation.
|
1
|
|
0
|
07 Jan 2026
|