Malicious DLL Analysis

Michael Koczwara
9 min read · Feb 20, 2023

Static/Dynamic Analysis and Reversing

I will be back soon

Intro

Right, so again I will keep this intro very short. I have scanned (again) malicious infrastructure (maybe Threat Actors, maybe Red Teams, or maybe …) and I was able to find (again) an open directory with a bunch of interesting files (malicious DLLs and Sliver implants).

opendir 172.86.122.4
opendir and sliver implants

Malicious IP 172.86.122.4 hosting Sliver implants and DLLs.

Obviously, I dumped all the files into VT.

VT analysis
