Karsten Hahn

@struppigel@infosec.exchange
450 Followers
53 Following
65 Posts
Malware Analyst at G DATA. Ransomware hunter. he/him 🦔🌈🏳️‍⚧️
Analysis process in a nutshell
Taxonomy of Auto Start Extensibility Points and examples
(by Daniel Uroz, Ricardo J. Rodríguez)
Links between registry root keys
Tfw you take a malware analysis course and give a bad rating because of malware files. o.O

Gallery of bloated and obfuscated Batch malware downloaders.

IoCs: https://pastebin.com/mfFrGNcG

0e4f63bdaadc18c2a261aa7524209978986266094539abbbe2f7f0e55c0aa064 http[:]//171.24 - Pastebin.com


When dealing with huge malware text files, visualization can help to find the culprit.

E.g., here is a disruption that shows up in blue. That's the actual malware code.

File is described here https://www.netskope.com/blog/asyncrat-using-fully-undetected-downloader

First found by @malwrhunterteam

AsyncRAT: Using Fully Undetected Downloader

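The idea in the post above (a bloated text file whose real code stands out as a short "disruption" in an otherwise uniform picture) can be reproduced without a graphical viewer. The following Python is an added example written for this page, not Karsten Hahn's tool or the one that produced the screenshot: it scores every non-empty line by Shannon entropy, flags lines whose entropy is far from the file's median (measured in median absolute deviations, so a handful of payload lines cannot pull the baseline toward themselves), and prints a text bar chart as the poor man's visualization. The sample batch text is constructed, and the cut-off of 6 MADs is an assumption to tune per sample.

```python
"""Locate the small region of real code inside a bloated text-based malware file.

Hypothetical helper written for this page (not the author's tool). Works on
any line-oriented script: batch, VBS, PowerShell, JavaScript droppers.
"""
import math
from statistics import median


def shannon_entropy(text: str) -> float:
    """Bits per character of `text`; 0.0 for an empty string."""
    if not text:
        return 0.0
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_outlier_lines(text: str, threshold: float = 6.0):
    """Return (entropies, flagged).

    `entropies` has one value per line of `text`; `flagged` lists the 0-based
    indices of non-empty lines whose entropy deviates from the median by more
    than `threshold` median absolute deviations (MAD). Deviation is absolute,
    so both a low-entropy payload inside high-entropy junk and the reverse are
    caught. Blank lines are ignored so padding does not register as a hit.
    """
    lines = text.splitlines()
    entropies = [shannon_entropy(line) for line in lines]
    populated = [h for line, h in zip(lines, entropies) if line.strip()]
    if len(populated) < 3:
        return entropies, []
    med = median(populated)
    # Guard: if every junk line is byte-identical the MAD is 0; a tiny floor
    # then makes any different line an outlier, which is the desired result.
    mad = median([abs(h - med) for h in populated]) or 1e-6
    flagged = [
        i for i, (line, h) in enumerate(zip(lines, entropies))
        if line.strip() and abs(h - med) / mad > threshold
    ]
    return entropies, flagged


def render_bars(entropies, flagged, width: int = 40) -> str:
    """Text bar chart: one row per line, '*' marks flagged lines.

    Entropy is scaled to 8 bits (the maximum for single-byte characters)."""
    rows = []
    hits = set(flagged)
    for i, h in enumerate(entropies):
        bar = "#" * int(round(h / 8.0 * width))
        rows.append(f"{i:5d} {h:5.2f} {'*' if i in hits else ' '} {bar}")
    return "\n".join(rows)


def build_sample():
    """Constructed stand-in for a bloated batch downloader: 200 lines of
    repetitive junk comments with three 'real' lines buried at 120..122.
    The payload lines are harmless placeholders, not a real command."""
    junk = ["rem " + "xy" * (20 + i % 7) for i in range(200)]
    payload = [
        'set "msg=constructed stand-in for the real command"',
        'echo %msg% > "%TEMP%\\stage.txt"',
        "call :next_stage 1 2 3",
    ]
    lines = junk[:120] + payload + junk[120:]
    return "\n".join(lines), [120, 121, 122]


if __name__ == "__main__":
    sample, _known = build_sample()
    ents, hits = flag_outlier_lines(sample)
    print(render_bars(ents, hits))
    print("flagged lines:", hits)
```

Against a real sample, read the flagged lines first and widen the view around them: obfuscated droppers usually spread the real logic over a few neighbouring lines, and the chart makes that cluster visible even when the file is tens of megabytes.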

PortexAnalyzerGUI release 0.12.9
➡️ alternate row colors for better visibility
➡️ tabs for different debug entries
➡️ toolbar settings are saved

https://github.com/struppigel/PortexAnalyzerGUI/releases/tag/0.12.9

Release PortexAnalyzer GUI v 0.12.9 · struppigel/PortexAnalyzerGUI

PortexAnalyzerGUI v0.12.7 released
➡️ System theme support
➡️ Content preview panel on the right side (press the 2nd button in the toolbar)
https://github.com/struppigel/PortexAnalyzerGUI/releases/tag/0.12.7
#PortexAnalyzerGUI
Release PortexAnalyzer GUI v 0.12.7 · struppigel/PortexAnalyzerGUI


PortexAnalyzer support for Yara signature scans released.

#PortexAnalyzer

https://github.com/struppigel/PortexAnalyzerGUI/releases

Releases · struppigel/PortexAnalyzerGUI

Graphical interface for PortEx, a Portable Executable and Malware Analysis Library - struppigel/PortexAnalyzerGUI

Currently working on custom Yara scans.