
2 posts tagged with ".NET"


· 12 min read
Jose Luis Sánchez Martínez

Summary

During 2019-2021 I was focused on analyzing campaigns orchestrated by the APT-C-36 group and RATs used by this same group and other cybercriminal groups such as RemcosRAT, AsyncRAT, Imminent Monitor RAT, etc. In the last few months I have seen some modifications of TTPs in many of these families that have caught my attention and I wanted to analyze them to see what is new.

Therefore, in this entry we will go through the analysis of an AsyncRAT sample distributed in Colombia during the last month.

info

The objective of the analysis is to provide information on the execution of the binary, its genealogy and related aspects, not to go into the details of the static part.

· 7 min read
Jose Luis Sánchez Martínez

Summary

Jlaive is a project created to evade antivirus by creating batch files from .NET assemblies. The way it does this is very interesting and opens a new window of opportunity for actors to evade defenses and execute their payloads.

You can find the project on their official GitHub: https://github.com/ch2sh/Jlaive