/tags/malware/ Recent content in Malware on Dino Hacks Hugo -- gohugo.io en-us Sat, 20 Sep 2025 19:49:55 +0530 /posts/2025/2025-09-20-malware-quickbytes-python-stealer/ Sat, 20 Sep 2025 19:49:55 +0530 /posts/2025/2025-09-20-malware-quickbytes-python-stealer/ Malware Quickbytes is a series where a sample is analysed briefly, often using shortcuts. Sample I came across an untagged sample uploaded to Malware Bazaar: Sample SHA256: e5287f2e60151676f861ab0825152d444371063880ab98dc6bcb796bf577525b So, let’s analyse it. Analysis From the tria.ge report , the sample seems to be a stealer. The report also mentions the following: Dropping a file to the startup location Fetches the external ip addresses Reads browser files. Reads wifi configuration Uses discord as a c2. /posts/2025/2025-03-17-defeating-string-obfuscation-in-obfuscated-nodejs-malware/ Mon, 17 Mar 2025 02:00:53 +0530 /posts/2025/2025-03-17-defeating-string-obfuscation-in-obfuscated-nodejs-malware/ In recent years, there has been a notable increase in infostealers written in Node.js. These are typically built using leaked stealer source code or open-source stealer project. The source code is often modified or simply rebranded, with additional layers of obfuscation applied. The obfuscated code is then packaged in various formats: as an Electron application, which is further wrapped using packers or installers like NSIS or Wix Installer, or as a standalone Node.