Karsten Hahn
@struppigel
9.4K posts

MalwareAnalysisForHedgehogs, Principal Malware Researcher at GDATA, he/him 🦔🌈🏳️‍⚧️

International · Joined May 2014
787 Following · 25.7K Followers
allthingsida@allthingsida·
I did not know Ghidra does that. Sorry, if this is silly, I stumbled upon it by accident.
Karsten Hahn@struppigel·
New Video: Build your own LLM dynamic analysis lab 🦔🎥 ➡️ AI debugs and unpacks with x64dbg ➡️ AI can access powershell terminal youtube.com/watch?v=QrWzRg…
Karsten Hahn reposted
vx-underground@vxunderground·
Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now. As I began poking this with a stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly. The C2 domain present in one of the binaries is a clear IoC. This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy.
Chris Titus Tech@christitustech

HWInfo and CPU-Z both compromised. Millions about to be PWNED! CPU Z: hybrid-analysis.com/sample/eff5ece… HW Monitor: hybrid-analysis.com/sample/4968501…

SOC Prime@SOC_Prime·
@struppigel You are right that the source attribution is not visible enough on the page. We appreciate the feedback and will use it to improve how source authors and original research are credited in the UX. Thank you!
Karsten Hahn@struppigel·
My colleagues have worked hard on analysing and writing a blog article on Kiss Loader. But on your site you make it look like this was your analysis work. Please fix that, @SOC_Prime The person below did not write the KISS loader article with that title.
Karsten Hahn@struppigel·
@bbaskin Bad example. Detection as "GameHack" is accurate and is not a malware verdict.
Brian Baskin@bbaskin·
As a malware analyst I am uniquely qualified to explain that a file with a Virustotal score of 30/72 is actually legit
Karsten Hahn@struppigel·
Whilst there is a small link to gdata on the top right, there is no indication what that means, and I did not notice that link for the first 20 min. My colleagues are not mentioned anywhere in the text. This is the original: blog.gdatasoftware.com/2026/03/38399-…
Karsten Hahn reposted
Tim Blazytko@mr_phrazer·
The recording of my first Binary Cartography webinar is now public: Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis Topics: keygenning, cracking & anti-tamper removal Recording: youtube.com/watch?v=DZcDaX… Slides/code/samples: github.com/mrphrazer/bina…
vx-underground@vxunderground·
I don't understand what I'm doing wrong. I try, and try, and try, and I still don't have any success. I don't know if people are born privileged, or if it's my bad luck, or maybe I just suck... But somehow people are getting free malware on the internet and I'm not not
vx-underground@vxunderground·
tl;dr normie to big stinky nerd translator. I'm going to share something embarrassing, but this is true. I have found a good usage of AI (for me, at least). I'm a big stinky nerd and I have a hard time understanding what people are saying to me. I am an extremely explicit communicator. I usually say exactly what I mean (for better or worse). I get very confused when people imply something, or lean heavily on emotional phrasing, to implicitly communicate. I have been unironically using AI to explain what people are saying to me. I'll detail the conversation to the best of my ability if it was communicated verbally; if it was online I copy-paste my message and the person's response (or comment). The silly AI slop robot then translates what the person says into explicit communication for me so I understand better. Basically, the dumb ass slop machine robot is better at understanding humans than me. Sometimes I have zero idea what someone is talking about or trying to convey. pic related: machine deciphering human language and explaining to my dumb nerd brain
Karsten Hahn reposted
Kostas@Kostastsale·
Today I’m launching Threat Hunting Labs. Over the years I’ve analyzed many real-world intrusions. One thing became obvious: most training platforms don’t resemble how investigations actually happen. So I built something different. Threat Hunting Labs focuses on investigation-driven learning using real telemetry and structured investigative paths. If you want to get better at investigating breaches, you should practice investigating breaches. More details here: threathuntinglabs.com/blog/introduci…
Karsten Hahn@struppigel·
@RussianPanda9xx Wrinkles that were deepened from smiling a lot during your life are a very charismatic feature and interesting to look at. I have a deep "third eye" / brooding wrinkle between my eyebrows, not sure if I am happy about it, but it's accurate.
Karsten Hahn reposted
vx-underground@vxunderground·
I am genuinely impressed by mainstream media outlets' ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There have been dozens of occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity". I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them. The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries". I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert. Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial. Absolute cinema.