Trainings Samples

Clear

SHA256	Author	Difficulty	Tags	Goal	Solutions	Comments	Created
`49660527c1c910ad2d3c5625c1b44682e465e45b65883dfc8d7d229d1bd0ebd8`	struppigel	advanced	packed stealer javascript discord mythjs nodejs pkg	Extract the main.js, decompile and deobfuscate it so far that you can see the webhook	1	0	07 Mar 2026
`dca13fc006a3b55756ae0534bd0d37a1b53a219b5d7de236f20b0262f3662659`	struppigel	medium	packed stealer electron javascript	Unpack the sample and obtain the config	2	0	04 Feb 2026
`94237eac80fd2a20880180cab19b94e8760f0d1f06715ff42a6f60aef84f4adf`	humpty_tony	medium	python stealer	This post’s goal is to show how you reverse a “boring” stealer by treating the loader chain as the real specimen. Peel multi-stage Python loaders safely: - Identify and undo container transforms (reverse bytes + zlib). - Recognize when crypto code is “almost right” but relies on a modified library (the PyAES GCM mismatch), then swap in a compatible implementation to decrypt without executing. - Deal with Python marshalled bytecode. - Reduce obfuscation to primitives (base64 aliasing, rot13, marshal.loads, LZMA/XZ payloads, BlankOBF patterns), so you can turn “giant blob soup” into discrete stages you can write to disk, identify with file, and decompile. So the analysis goal is basically: build a repeatable methodology for unpacking + staging + version-correct decompilation of Python malware—because that workflow applies to tons of commodity stealers and loaders.	1	1	04 Jan 2026

Page 1 of 1