Germán Fernández
@1ZRR4H
🏴☠️ OFFENSIVE-INTEL 🏴☠️ Cyber Threat Intelligence by Hackers | Security Researcher at https://t.co/rDrSxZASB3 | @CuratedIntel Member | 🥷🧠🇨🇱
ID:37090957
http://www.offensive-intel.com 02-05-2009 00:36:28
30,4K Tweets
28,6K Followers
577 Following
#SolarMaker trojan installs a backdoor
#Signed #ImposterCertificate
Decoy: 'The code execution cannot proceed because MSVCR120.dll was not found. Reinstalling the program may fix this problem'
C2: 2.58.15.118
VT: virustotal.com/gui/file/9fcdb…
MB: bazaar.abuse.ch/sample/c8d6799…
A server on Discord that is distributing something called 'Xylex Executor' (a supposed Roblox Byfron Bypass) caught my attention. However, I checked the hash (shared by the admin) in detail, and it turns out that it leads to #ExelaStealer 😏
The final payload is downloaded from
0044d6cf5c33ac9d1accef9f815add6cff3057d29680d9f7ed055b0d49534f41
From these:
6cc36fe3adca4f675d1f35cd59fb29b43397e6ca524ef161ffebb0361a1c39b9
c27795207ea90d0c8491e7eb08c418758571b8f7ba86dbb649c21bdd969d1f95
f7a4a5514276d31e8438821d63dde38b45b1d50cafee427083dd7e03d7041ac3
Germán Fernández
Interesting threat observed:
counter: hxxps://samorai-3e912-default-rtdb.firebaseio[.]com/user.json
pdb: C:\Users\La Brea\Music\REMOTAS\Injectors\C++\Dll1\Release\msedge_elf.pdb
payload: hxxps://sup-docul[.]life/JOSEDAGOIABA/TANK.rar
Germán Fernández
🦔 📹 New Video: D3fack loader analysis
➡️ Inno Setup pascal script analysis
➡️ string deobfuscation with binary refinery
➡️ JPHP decompilation
Sample was first described by RussianPanda 🐼 🇺🇦
youtube.com/watch?v=y09Zre…
#MalwareAnalysisForHedgehogs #D3fackLoader