Denwp Research
More_Eggs? A Venom Spider Backdoor Targeting HR
blog

The More_Eggs malware, operated by the financially motivated Venom Spider (aka Golden Chickens) group, is a potent JavaScript backdoor sold as Malware-as-a-Service (MaaS) to threat actors like FIN6 and Cobalt Group. Known for targeting human resources (HR) departments, it exploits the trust in job application emails to deliver malicious
May 17, 2025 7 min read
Reversing FUD AMOS Stealer
blog

The AMOS Stealer is a macOS malware known for its data theft capabilities, often delivered via an encrypted osascript (AppleScript) payload. In this blog, I’ll walk you through my process of reverse engineering a Fully Undetected (FUD) AMOS Stealer sample using LLDB, with Binary Ninja (Binja) as a reference
Mar 20, 2025 8 min read
Analyzing a Fully Undetectable (FUD) macOS Backdoor
blog

macOS backdoor using process name spoofing, DYLD injection, & C2 commands
Jan 30, 2025 6 min read
Unexplored LOLBAS Technique: Wevtutil.exe
blog

Wevtutil.exe manages Windows event logs, aiding system admins but exploitable by attackers for log manipulation, evasion, and data exfiltration.
Nov 25, 2024 6 min read
Hidden World of xattr: Lazarus Group’s Abuse of "Rustyattr" to Evade Detection
blog

Lazarus Group hides malware in macOS extended attributes (xattr), evading detection.
Nov 19, 2024 7 min read
sLoad Malware Delivery Through Phishing Campaigns in Ukraine
blog

Phishing campaign targets Ukraine, delivering sLoad malware through fake PDF links in .rar files, with advanced obfuscation and reconnaissance tactics.
Nov 1, 2024 5 min read
Dissecting Lumma Malware: Analyzing the Fake CAPTCHA and Obfuscation Techniques - Part 2
blog

In Part 1 of our series on Lumma Stealer, we explored the initial attack vector through a fake CAPTCHA page. We observed how the malware deceives users into downloading and executing malicious payloads. In this second part, we delve deeper into the technical details of the Lumma Stealer’s loader,
Sep 9, 2024 10 min read
Anatomy of a Lumma Stealer Attack via Fake CAPTCHA Pages - Part 1
blog Featured

As of late August 2024, attackers have been using fraudulent "human verification" pages to trick users into executing a malicious PowerShell script. This blog post will explore the full attack vector, detailing how the malware is delivered, executed, and the indicators of compromise (IOCs) involved. Lumma Stealer is
Aug 30, 2024 5 min read
Decoding AsyncRAT: From ISO file to C2 domain
blog

ASYNC RAT (Remote Access Trojan) is a malware designed for remote control of infected systems. The malware is commonly used to steal sensitive information, deploy additional malware, and maintain persistent access to compromised networks. Once installed on a target machine, ASYNC RAT can perform various malicious activities, including keylogging, screen
Jun 14, 2024 8 min read
From Base64 to Reverse Shell: Unpacking Malware from a Word Document
blog

Malware distribution through infected documents, especially Microsoft Word files containing malicious macros, is a common threat. This article explores the process of reversing malware found in a Windows Word document, highlighting the techniques used by attackers and ways to mitigate such threats. The sample has been downloaded from Malware Bazaar
Apr 15, 2024 4 min read
Unveiling the Stealth: How Malware Hides Using Alternate Data Streams
blog

Understanding the intricacies of malware evasion techniques is very important. One such method gaining notoriety is the use of Alternate Data Streams (ADS). In this article, we delve into the covert world of ADS and explore how malware exploits this file system feature to hide from detection. Alternate Data Streams
Dec 8, 2023 6 min read
The Spy Within: A Close Encounter with Agent Tesla Malware
blog

The analyzed sample is part of the notorious malware family known as 'Agent Tesla,' classified as a Remote Access Trojan (RAT). This particular variant, encapsulated in a compiled .exe file, unfolds a complex web of functions and methods designed to gather sensitive data from the infected device. Throughout
Nov 18, 2023 3 min read
Denwp Research © 2025