I found an interesting malicious Python script during my daily hunting routine. The script has a VT score of 2/58 (SHA256: 6990298edd0d66850578bfd1e1b9d42abfe7a8d1deb828ef0c7017281ee7c5b7). Its purpose is to perform the first stage of the infection. It downloads a shellcode, injects it into memory, and executes it. What’s interesting is the way obfuscation is implemented.
Article Link: InfoSec Handlers Diary Blog