In February/March 2021, a curious lightweight payload was observed coming from a well-known load-seller platform. Unlike the classic info-stealers that are pushed at an industrial level, this one is widely different from the current landscape and trends. Feeling like you are in front of a grey box is a somewhat stressful problem, where you have no idea... | Fumik0_'s box
It's been a while since I have released some stuff here, and indeed it's mostly caused by how fucked up 2020 was. I would have been pleased if this global pandemic hadn't wrecked me so much, but I was served as well. Nowadays, with everything closed, the corona haircut is the new trend and finding a graphic...
Whenever I reverse a sample, I am mostly interested in how it was developed. Even if in the end the techniques employed are generally the same, I am always curious about the way used to achieve a task, or simply about understanding the code philosophy of a piece of code. It is a very...
Hi folks, it's been one year now that the tracker (https://tracker.fumik0.com) has been active, and over these past months I have understood that maintaining this solo project was definitely not an easy task. But right now, Haruko is step by step becoming a growing place that provides a starting point for OSINT stuff, learning reverse malware analysis or helping...
Loaders nowadays are part of the malware landscape, and it is common to see sandbox log results tagged with "loader". Specialized loader malware like Smoke or Hancitor/Chanitor is facing more and more new alternatives like Godzilla loader, stealers, miners and plenty of other kinds of malware that ship this feature as an option....
When you are a big fan of the Konosuba franchise, you are a bit curious when you spot a malware called "Megumin Trojan" (written in C++) on some selling forums and in some sandbox submission results. Before any speculation about when this malware appeared, this one is not recent and there are some...
After some issues that kept me far away from my research, it's time to put my hands again on some sympathetic stuff. This one is technically and finally my real first post of the year (the anti-VM one was a particular case). So today, we will dig into Qulab Stealer + Clipper, another password-stealer that...
Hi folks, I'm not usually into this kind of paper, but this time I am exceptionally writing a really short one about something related to a VM-evasion PoC. There are always some tricks to detect whether you are running on a virtual machine or not. Most of them are stupid, but they are accurate enough...
Well, it's been a long time without some fresh new content on my blog. I had some unexpected problems that kept me away from here and a lot of work (like my tracker) that explains this. But I…
Sometimes when you are reading tons and tons of malware analysis logs, you are not expecting that some little changes could in fact be impactful. I paid the price when I was analyzing a supposed …