malware analysis
SmokedHam - Malware Analysis
·691 words·4 mins
This post presents the analysis of a Smokedham Remote Access Trojan (RAT) sample, with a focus on Binary Refinery pipeline construction. The malware uses a multi-stage execution chain involving a Python byte-compiled loader, an embedded PowerShell runtime, and a final in-memory .NET implant.
Lobster Stealer - Malware Analysis
·1256 words·6 mins
The writeup analyzes Lobster Stealer, a macOS malware that steals sensitive data such as passwords, browser history, and cryptocurrency wallet information. It uses RC4 for command obfuscation and AES-128-CBC for encrypting the flag. The challenge involves decrypting the flag by analyzing the malicious OSA script and extracting the encryption keys from a PNG file.