oasec1
oasec1
No I haven't seen ransomware at all for testing so I dont believe that its the case. Also back is the missing output into the text file
Thanks, Brian On Sun, Oct 22, 2023, 12:48 PM Brian Baskin ***@***.***> wrote: > Reopened #60 . > > — > Reply to this email directly, view it on GitHub...
Thanks for the response, I can certainly get a relatively new sample for analysis and testing. Let me know when you'd like to start, we can do remote sessions with...
I tried this but it was unsuccessful. An added twist is that the ransomware is encrypting the noriben.py, therefore the procmon log file is not closing cleanly. Using your recommended...
Oddly enough this was flagged as a virus by MS defender, Wacatac.B!ml I can get it on the vm to run it. Thoughts? Robert On Sun, May 30, 2021 at...
Is this a test executable or an executable version of Noriben? On Sun, May 30, 2021 at 2:33 PM Brian Baskin ***@***.***> wrote: > I've tried it as an executable....
OK, running the noriben executable from within a folder on the desktop executes but generates the output txt file and csv file but they are empty. Moving the procmon.configuration.pmc file...
It does not appear to have worked, the output files were encrypted On Sun, May 30, 2021 at 4:00 PM Brian Baskin ***@***.***> wrote: > This exe is the actual...
If you have some time and want to, we can work on this remotely. Maybe seeing it you'll think of another possibility. On Sun, May 30, 2021 at 4:00 PM...
Sure I'll send it over. I'll send the password in a separate email. It is definitely ransomware. On Sun, May 30, 2021 at 4:05 PM Brian Baskin ***@***.***> wrote: >...