[spam][crazy] bomb malware
Karl
gmkarl at gmail.com
Mon Dec 13 02:31:40 PST 2021
my phone is aarch64 so this is a small stumbling block
websearching found this article on reverse engineering go binaries using
ghidra: https://cujo.com/reverse-engineering-go-binaries-with-ghidra/
dunno if it's any good, but it's fun to try to install ghidra on my phone!
maybe check for strings first
~/.../l4j2/Log4J Malware $ strings -n12 Mirai/776c341504769aa67af7efc5acc66c338dab5684a8579134d3f23165c7abcc00
/dev/watchdog
/dev/misc/watchdog
instagram.com/iot.js
~/.../l4j2/Log4J Malware $ strings -n12 Muhstik/15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b
HH3H3HPPDH3H3DLLTHx
9abcdefghijklmnopqrstuvwxyzABCDE
FGHIJKLMNOPQRSTUVWXYZ
ready 2ning.
+ :KILL_PORT
http:///.*l;
Mozilla/4.75 [
v09RIIB/2WXA
#$%^&*()-+_<>?/:;}{][#i
nandemo shiranai wa yo,
shitteru koto dake
!/proc/self/exe7
GCC: (GNU) 3.
meanwhile Kinsing has a ton of raw string debugging symbols and a lengthy
hexadecimal string that could be an ascii-encoded payload
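
Added example, not part of the original post: a static triage sketch that approximates `strings -n12` and then checks whether any long hexadecimal run decodes to mostly printable ASCII, which is the check the last remark calls for. The function names, the 16-byte minimum run, the 90% printable threshold and the SAMPLE blob are all assumptions constructed for illustration; nothing here is taken from the Kinsing sample.

```python
import re

# Long runs of hex digit pairs (at least 16 decoded bytes). Threshold is an assumption.
HEX_RUN = re.compile(r"(?:[0-9a-fA-F]{2}){16,}")

def printable_strings(data: bytes, min_len: int = 12):
    """Yield (offset, text) for printable-ASCII runs, approximating `strings -n12`."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    for m in pattern.finditer(data):
        yield m.start(), m.group().decode("ascii")

def decode_hex_runs(text: str, min_printable: float = 0.9):
    """Return (hex_run, decoded) for runs whose bytes are mostly printable ASCII.

    Hash-like hex (digests, keys) decodes to arbitrary bytes and is rejected,
    so only hex that really wraps text is reported.
    """
    results = []
    for m in HEX_RUN.finditer(text):
        raw = bytes.fromhex(m.group())
        printable = sum(0x20 <= b <= 0x7E or b in (9, 10, 13) for b in raw)
        if printable / len(raw) >= min_printable:
            results.append((m.group(), raw.decode("ascii", errors="replace")))
    return results

def triage(data: bytes, min_len: int = 12):
    """Scan a binary blob and report hex runs that hide ASCII text."""
    findings = []
    for offset, s in printable_strings(data, min_len):
        for hex_run, decoded in decode_hex_runs(s):
            findings.append(
                {"offset": offset, "hex_len": len(hex_run), "decoded": decoded}
            )
    return findings

# Constructed sample blob (not real malware): an ELF-like header, one ordinary
# string, a too-short string, a hash-like hex run, and hex-wrapped ASCII text.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"/dev/watchdog\x00"
    + b"short\x00"
    + b"deadbeef" * 8 + b"\x00"
    + b"constructed sample payload text".hex().encode() + b"\x00"
)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

To run it on a real file, pass the file's bytes to triage(); the sample is only read, never executed.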