https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/community
New Video: Build your own LLM dynamic analysis lab 🦔🎥
➡️ AI debugs and unpacks with x64dbg
➡️ AI can access powershell terminal

My malware analysis courses now have a new certificate design.
https://malwareanalysis-for-hedgehogs.learnworlds.com/courses

Added a task for the SugarSMP spark stealer sample to samplepedia
https://samplepedia.cc/sample/060ed0ec27a0a4ad7b55425ed56d8ef0c55aa61b499d4884d1679f18d518ddf3/89/

I wrote an article about SugarSMP Minecraft scams, Spark stealer, extortion and hacked accounts.
After brief contact with the threat actor, we talked to two victims and followed the trail.
Analysis in collaboration with @rifteyy
#GDATATechblog #GDATA
https://blog.gdatasoftware.com/2026/03/38390-minecraft-mod-sugarsmp-malware

🦔 📹 New video: NodeJs analysis when deobfuscator fails
➡️ #MythJs stealer sample
➡️ pkg VFS exploration tool
➡️ js-confuser
#MalwareAnalysisForHedgehogs
https://www.youtube.com/watch?v=gtLqrjsGRmQ

New blog: Using LLMs the right way for malware analysis
💡Tips for building an autonomous AI analysis lab on a 12 yo laptop and getting stuff done faster without loss of accuracy.
https://blog.gdatasoftware.com/2026/03/38381-llm-malware-analysis

GuvercinInstaller.exe 1/72
#kurdishmyth stealer, NodeJS
➡️Infects discord_desktop_core\index.js
➡️Steals various browser and discord data.
➡️Exfiltrates via discord webhook.
The code references kurdishmyth and mythprivate
The wallet exfiltration webhook uses a photo of Abdullah Öcalan as its avatar image.
You will find the same malware family with this VT search query:
vhash:087076656d156d05655253z72zff7z11z23z13z93z12b4z11z behaviour_processes:"C:\\Windows\\system32\\cmd.exe /d /s /c \"taskkill /F /IM discord.exe\""
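
A host-side check for the two behaviours named in the post above, as an added example that is not part of the original post or the analyst's tooling. It assumes a stock `discord_desktop_core\index.js` is the single loader line shown in `STOCK_INDEX_JS` (confirm against a clean install); the directory tree and process events are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a stock Discord client ships this one-line loader.
STOCK_INDEX_JS = "module.exports = require('./core.asar');"
# Command line from the behaviour_processes term of the VT query in the post.
TASKKILL_RE = re.compile(r"taskkill\s+/F\s+/IM\s+discord\.exe", re.IGNORECASE)

def find_modified_core_index(root):
    """Return discord_desktop_core index.js files that differ from the stock loader."""
    hits = []
    for path in Path(root).rglob("index.js"):
        if path.parent.name.lower() != "discord_desktop_core":
            continue  # only the module the post says gets infected
        text = path.read_text(encoding="utf-8", errors="replace").strip()
        if text != STOCK_INDEX_JS:
            hits.append(path)
    return sorted(hits)

def flag_discord_kills(events):
    """Return process-creation events whose command line force-kills discord.exe."""
    return [e for e in events if TASKKILL_RE.search(e["cmdline"])]

def build_constructed_sample(root):
    """Constructed tree: one clean client and one with extra code in index.js."""
    mods = "app-0.0.0/modules/discord_desktop_core-1/discord_desktop_core"
    layout = {
        f"Discord/{mods}": STOCK_INDEX_JS + "\n",
        f"DiscordPTB/{mods}": "/* constructed placeholder */\n" + STOCK_INDEX_JS + "\n",
    }
    for rel, content in layout.items():
        d = Path(root) / rel
        d.mkdir(parents=True)
        (d / "index.js").write_text(content, encoding="utf-8")

# Constructed process-creation events (not from a real host).
SAMPLE_EVENTS = [
    {"pid": 4120, "cmdline": 'C:\\Windows\\system32\\cmd.exe /d /s /c "taskkill /F /IM discord.exe"'},
    {"pid": 4188, "cmdline": 'C:\\Windows\\system32\\cmd.exe /c "tasklist"'},
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print("modified:", find_modified_core_index(tmp))
    print("discord kills:", flag_discord_kills(SAMPLE_EVENTS))
```

On a real host, point `find_modified_core_index` at the user's `%LOCALAPPDATA%` directory and feed `flag_discord_kills` with process-creation telemetry.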