Ghidra script to handle stack strings – Max Kersten
Tags
| country: | Laos Russia |
| attack-pattern: | Data Model Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | c30c4dc0-0d4a-4e93-991a-6531687a9d70 |
| Fingerprint | 30106620ed9f7254 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 19, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Ghidra script to handle stack strings |
| Title | Ghidra script to handle stack strings – Max Kersten |
| Detected Hints/Tags/Attributes | 37/2/16 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 1 | simplestackstrings.py |
|
| Details | Domain | 4 | ghidra.app |
|
| Details | Domain | 2 | maxkersten.nl |
|
| Details | File | 1 | s_kernel32.dll |
|
| Details | File | 1 | standardcharsets.iso |
|
| Details | File | 1 | simplestackstrings.py |
|
| Details | Github username | 1 | 0x6d696368 |
|
| Details | md5 | 5 | 42e52b8daf63e6e26c3aa91e7e971492 |
|
| Details | md5 | 3 | c6c6162cca729c4da879879b126d27c0 |
|
| Details | sha1 | 4 | 98b3fb74b3e8b3f9b05a82473551c5a77b576d54 |
|
| Details | sha1 | 3 | 80e5fd86127de526be75ef42ebc390fb0d559791 |
|
| Details | sha256 | 11 | a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea |
|
| Details | sha256 | 3 | 344fc6c3211e169593ab1345a5cfa9bcb46a4604fe61ab212c9316c0d72b0865 |
|
| Details | Url | 1 | https://github.com/0x6d696368/ghidra_scripts/blob/master/simplestackstrings.py |
|
| Details | Url | 2 | https://maxkersten.nl |