Miscellaneous code
./flubot/CryptaxRocks.java: string de-obfuscation
./flubot/flubot.js: Frida hook to display plaintext communication with C&C
./frida-hook/michaelrocks.js: Frida hook to display de-obfuscated strings
./flubot/DGA.java: standalone implementation of Flubot’s DGA algorithm
ec3a10b4f38b45b7551807ba4342b111772c712c198e6a1a971dd043020f39a2
AlienBankbotDecrypt.py. Script for JEB4.
See ./glucose-tools directory
885d07d1532dcce08ae8e0751793ec30ed0152eee3c1321e2d051b2f0e3fa3d7
grab-oji.py: Script to automatically grab fresh samples. This can be used to upload the samples to your favorite malware database for detection. Works as of May 7, 2021.
Malware sha256: aad80d2ad20fe318f19b6197b76937bf7177dbb1746b7849dd7f05aab84e6724
MoqHaoUnpacker.java: program to unpack the sample. Provide as argument the encrypted asset, e.g. efl15a
Malware sha256: fd1aac87399ad22234c503d8adb2ae9f0d950b6edf4456b1515a30100b5656a7
bahamutDecrypt.py: decrypts files or strings encrypted by the malware
Malware sha256: 5b9049c392eaf83b12b98419f14ece1b00042592b003a17e4e6f0fb466281368
Malware sha256: afeb6efad25ed7bf1bc183c19ab5b59ccf799d46e620a5d1257d32669bedff6f
JokerDecryptPBE.java
kangaunpack.py
2c05efa757744cb01346fe6b39e9ef8ea2582d27481a441eb885c5c4dcd2b65b