Multiple BaseXX Obfuscations, (Fri, Jul 16th)

I found an interesting malicious Python script during my daily hunting routine. The script has a VT score of 2/58[1] (SHA256: 6990298edd0d66850578bfd1e1b9d42abfe7a8d1deb828ef0c7017281ee7c5b7). Its purpose is to perform the first stage of the infection. It downloads a shellcode, injects it into memory, and executes it. What’s interesting is the way obfuscation is implemented.

Article Link: InfoSec Handlers Diary Blog