Technical Blog of Ali Aqeel

This blog is dedicated to malware reverse engineering and analysis reporting. Each malware type gets its own post covering the methods, tools, and techniques used to dissect the samples. All malware samples presented are publicly available, were found in the wild, and were downloaded from different sources. No affiliation with, or promotion of, any tool, platform, or cybersecurity vendor is intended. This blog exists to enrich cybersecurity content, technical analysis, and showcase work.

You can refer a malware sample that you think is interesting (for research purposes only) by sending it zipped/compressed with the password "infected", or by sending just the hash values, to my email below.

📬 aliaqeel.sn2[at]

Recent Posts

Dissecting binaries from Egomaniac attack with API hashing technique

PDF files can still be an ongoing attack vector, depending on the vulnerabilities that have been discovered. In this sample the attacker used the old CVE-2010-2883, a stack-based buffer overflow in Adobe Reader and Acrobat versions 9.x before 9.4 and 8.x before 8.2.5 on Windows. This vulnerability allows the attacker to execute arbitrary code or …

IcedID Analysis

IcedID (aka BokBot) is banking malware designed to steal financial information. Lunar Spider is the threat actor behind IcedID and has been running campaigns since at least 2017. Besides stealing banking information, some incidents show that IcedID is an entry stage for ransomware or RAT attacks. It has been observed lately that the threat actor has …

SolarWinds Attack Plan A: The Imposter

The ongoing investigation of the SUNBURST/Solorigate supply-chain attack, led by the FireEye and Microsoft threat teams, has reached the second stage of the attack, SUNSHUTTLE [3] [4]. More backdoors and C2 servers are discovered each time, disclosing another stage of this wide and massive attack. Estimating that the attacker distributed SUNBURST during March 2020 [5] from …