About The Project

On September 18th, the Twitter account Malware Hunter Team tweeted about a DLL, batch script, and PowerShell script being publicly hosted at 103[.]68[.]109[.]31. Given that a DLL was being hosted, I thought it would be an interesting target to reverse engineer. This blog post analyzes that DLL and ultimately patches this simple reverse shell to call back to a local virtual machine.

OSINT

Initial triage with VirusTotal reports that some vendors detect the target IP addre...