Heya. I have an unusual request for those of you who know something-something about malware analysis.
There is a repacker who, in my opinion, is distributing malware/miners in his repacks.
I’ve done initial analysis and I’m very sure of it, but since I won’t ever run this shit on my PCs, and that malware is pretty sneaky and doesn’t run on most VMs/Sandboxes, someone with experience is needed to find solid proof of malware distribution. Execution on a real OS or a modified VM will probably be needed to bypass the malware’s hiding techniques.
I’ve compiled a special ZIP, which contains the following data:
- One of the FreeArc archives that come with the repacks and contains the malware payloads (40 different exes, packed with VMP/Themida).
- A Python script that extracts those exes based on PE headers. Python 3.10+ is needed.
- Decompiled “CompiledCode.bin”, which contains the bytecode of the Inno Setup installer, which also participates in putting the payload into the system.
I don’t want to share more details right now, though I have dug up enough data myself. But I need a third party to confirm or deny my findings.
You can post your analysis in comments or send them to me directly: https://fitgirlrepacks.org/contacts/
Don’t download and don’t run any of it if you’re not sure what you are doing.
If you can’t do it yourself but know someone with expertise in this field – please forward this to them.
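For readers who want to see what "extracting exes based on PE headers" involves, here is an added example (not the script from the ZIP, and not code from the post): it scans a byte blob for `MZ` candidates, checks that `e_lfanew` points at a `PE\0\0` signature, and sizes each image from its section table. `build_sample_pe` constructs a minimal synthetic PE for testing and is not a sample from the archive.

```python
import struct
from typing import List, Optional, Tuple

def carve_pe_files(blob: bytes) -> List[Tuple[int, bytes]]:
    """Return (offset, image_bytes) for each plausible PE image embedded in blob.
    The image size is the end of the last section's raw data, so an overlay
    appended after the sections (common with packed payloads) is not captured."""
    found = []
    pos = blob.find(b"MZ")
    while pos != -1:
        image = _pe_image_at(blob, pos)
        if image is not None:
            found.append((pos, image))
            pos = blob.find(b"MZ", pos + len(image))   # resume after this image
        else:
            pos = blob.find(b"MZ", pos + 1)            # stray "MZ" text, keep scanning
    return found

def _pe_image_at(blob: bytes, start: int) -> Optional[bytes]:
    if start + 0x40 > len(blob):                       # room for a full DOS header?
        return None
    e_lfanew = struct.unpack_from("<I", blob, start + 0x3C)[0]
    pe = start + e_lfanew
    if e_lfanew < 0x40 or e_lfanew > 0x10000 or pe + 24 > len(blob):
        return None
    if blob[pe:pe + 4] != b"PE\0\0":
        return None
    n_sections = struct.unpack_from("<H", blob, pe + 6)[0]
    opt_size = struct.unpack_from("<H", blob, pe + 20)[0]
    sect = pe + 24 + opt_size                          # first IMAGE_SECTION_HEADER
    if n_sections == 0 or n_sections > 96 or sect + 40 * n_sections > len(blob):
        return None
    end = sect + 40 * n_sections
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", blob, sect + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    if start + end > len(blob):                        # truncated image, reject
        return None
    return blob[start:start + end]

def build_sample_pe(section_bytes: bytes) -> bytes:
    """Constructed minimal PE32 with one section at file offset 0x200 (test data only)."""
    raw_size = (len(section_bytes) + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)             # PE32 magic, rest zero
    sec = b".text\0\0\0" + struct.pack("<IIII", len(section_bytes), 0x1000, raw_size, 0x200) + b"\0" * 16
    header = (dos + coff + opt + sec).ljust(0x200, b"\0")
    return header + section_bytes.ljust(raw_size, b"\0")
```

Run it over the raw archive bytes and write each returned image to its own file for hashing and further triage.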