5/29/2023

PasteBox 2.1.3 download

is an underground forum that plays a significant role in the hacking market community. On this site, hackers can buy and sell various malware, tools for implementing and spreading it, and more. One of the best-known tools for spreading malware is the RIG Exploit Kit (EK), a service that utilizes exploits in popular applications.

In this article, we present how we found a malware sample spread by RIG EK, tracked it back to the HackForums thread where the malware is sold, and what we learned about the hacking community and RIG EK in the process:

- Rig actors re-sell the exploitation service to other customers.
- The quality of malware distributed by RIG EK varies widely.
- Joining the hacking community and creating a business is easy.

Recently, we came across a sample that was spread via RIG EK and was flagged by VirusTotal as malicious, but wasn’t detected with a specific name. The sample is not packed or obfuscated in any way and does not include any anti-debugging or sandbox evasion techniques.

When we opened the sample in IDA, we found a couple of interesting strings:

It seems strange to include a hardcoded Pastebin link inside a malicious binary. By browsing to we found the following string: “EQKv4vx/Q0GD9AjrLI+LrnXEfUVrs+52mPHvY4VaPHnt+A1TGg=”

This appeared to be a Base64 string, although decoding it did not result in any readable text.
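The Base64 observation in the article can be reproduced with a short triage helper. This is an added example, not code from the original article: the function names, the 0.85 threshold and the contrast sample are assumptions, and the paste value is copied as printed, so the helper repairs its incomplete `=` padding before decoding.

```python
import base64
import binascii

# String copied from the article as printed (its "=" padding is incomplete).
PASTE_VALUE = "EQKv4vx/Q0GD9AjrLI+LrnXEfUVrs+52mPHvY4VaPHnt+A1TGg="
# Constructed sample for contrast: plain text that was merely Base64-encoded.
PLAIN_SAMPLE = base64.b64encode(b"plain configuration text").decode()


def decode_lenient(value: str) -> tuple[bytes, bool]:
    """Decode Base64, repairing missing '=' padding. Returns (bytes, repaired)."""
    compact = "".join(value.split())
    body = compact.rstrip("=")
    if len(body) % 4 == 1:
        raise ValueError("not Base64: impossible length")
    padded = body + "=" * (-len(body) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not Base64: {exc}") from exc
    return raw, padded != compact


def printable_ratio(raw: bytes) -> float:
    """Share of bytes that are printable ASCII or common whitespace."""
    if not raw:
        return 0.0
    ok = sum(1 for b in raw if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return ok / len(raw)


def triage(value: str, threshold: float = 0.85) -> dict:
    """Label a decoded blob 'text' or 'opaque' (not readable as-is)."""
    raw, repaired = decode_lenient(value)
    try:
        raw.decode("utf-8")
        is_utf8 = True
    except UnicodeDecodeError:
        is_utf8 = False
    ratio = printable_ratio(raw)
    verdict = "text" if is_utf8 and ratio >= threshold else "opaque"
    return {"length": len(raw), "padding_repaired": repaired,
            "printable_ratio": round(ratio, 2), "verdict": verdict,
            "head_hex": raw[:8].hex()}


if __name__ == "__main__":
    for name, value in (("paste", PASTE_VALUE), ("constructed", PLAIN_SAMPLE)):
        print(name, triage(value))
```

An `opaque` verdict only says the bytes are not text after one Base64 pass; it does not identify which further encoding or encryption layer was applied.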