Introduction

To improve my rusty reverse-engineering skills, I’m going to analyze various malware samples that have come up in our incident response cases in loose succession. The first sample belongs to the Fenix botnet (sample here). In this post, we analyze a sophisticated malware infection chain that begins with a user downloading a ZIP file from a Dropbox link and culminates in the execution of a malicious shellcode.

First Stage

The infection chain begins when the user downloads a ZIP ...