Trainings Samples

Samples

Clear

SHA256	Author	Difficulty	Tags	Goal	Solutions	Comments	Created
`291df8186e62df74b8fcf2c361c6913b9b73e3e864dde58eb63d5c3159a4c32d`	malcat	medium	shellcode emulation config extraction nsis	Use emulation and/or static analysis to get to the final malware and extract its configuration	1	1	04 Jan 2026
`6f8f1b26324ea0f3f566fbdcb4a61eb92d054ccf0300c52b3549c774056b8f02`	malcat	medium	hta loader macro office	List all the download urls for the next stage using static analysis only. Bonus point if you do not use Excel.	1	0	04 Jan 2026
`cb21368467bdf0ca8a4cd458f54d684e10da2d43a9c7285e094d39bdc410fb10`	struppigel	medium	packed powershell config extraction xworm stage 2	Unpack the payload and extract the configuration. This is a second stage file, you find the [first stage here](https://samplepedia.cc/sample/5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30/31/)	1	0	04 Jan 2026
`5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30`	struppigel	medium	loader js obfuscated stage 1	Deobfuscate this loader such that you get the download URL.	2	0	04 Jan 2026
`0ad4f87dfa9b814b78e9db2360a89ea7940fb5ad919637bbaacb1222fb44098d`	struppigel	medium	emulation peunion write unpacker anti-emulation	Write an emulation-based unpacker for this crypter. Use the native 32-bit stub and RunPE shellcode. Ignore .NET.	1	0	31 Dec 2025
`892834734712fe5bc7a6614be6972de1be2d74ad424ef47b2c701046e4912426`	struppigel	medium	privateloader signature writing	Write a code-based signature with Yara for this sample.	1	0	30 Dec 2025
`3d1a4b9e37868f54e7e7eb98aae0203e2c50b2977170e0006cd3cbcb071c6b94`	struppigel	medium	lummastealer powershell vbscript hta loader	Build a binary refinery pipeline or CyberChef recipe that extracts the download URL from the loader.	1	0	29 Dec 2025
`20946142795ea4b9fafad9a279e5da0e2f491f567380d7f37570d451f3aa6b8f`	struppigel	medium	process injection .net upx	This sample has multiple layers. Unpack the final one. Determine the malware family of the final payload.	1	0	26 Dec 2025
`5544e6c66cbf6503cddef2797acbff4fb81ededaef2334a596e6484cfaa0b8e8`	struppigel	medium	dll sideloading packed shellcode	Unpack the payload. This can be done either with a debugger or using only static unpacking with binary refinery. Note: The payload is obfuscated with VMProtect, deobfuscating it is not part of the task.	1	0	26 Dec 2025
`3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e`	struppigel	medium	acrstealer game python renpy	This application consists of almost 3000 files. Find proof that the sample is malicious by finding the malicious code. A weird filename with homoglyphs is not enough, nor is behavioral analysis in a sandbox.	1	0	26 Dec 2025

Page 2 of 2