Reversing shellcode using blobrunner and Olly
Tags
| attack-pattern: | Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | ad5d1333-67d1-4f44-af66-fbb015de10fe |
| Fingerprint | 2e7317262bae40f7 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 23, 2018, 12:28 a.m. |
| Added to db | Jan. 18, 2023, 7:56 p.m. |
| Last updated | Nov. 17, 2024, 5:58 p.m. |
| Headline | Deriving Cyber Threat Intelligence and Driving Threat Hunting |
| Title | Reversing shellcode using blobrunner and Olly |
| Detected Hints/Tags/Attributes | 21/1/10 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 80 | msvcrt.dll |
|
| Details | File | 4 | shellcode.txt |
|
| Details | File | 20 | shellcode.bin |
|
| Details | File | 2 | shellcode2.bin |
|
| Details | File | 5 | blobrunner.exe |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 5 | scdbg.exe |
|
| Details | md5 | 1 | b00f5681f0f4186a31224d67b20a1b31 |
|
| Details | IPv4 | 1 | 195.189.17.172 |