Malware Analysis · Threat Intelligence

Reverse engineering malware, one sample at a time.

Independent malware analyst & computer engineering student. I dissect malicious software, document TTPs, and publish detailed technical reports. Currently studying Threat Intelligence and working toward a deeper understanding of adversary tradecraft.

Tags: Static Analysis · Dynamic Analysis · Threat Intel · MITRE ATT&CK · Malware RE · YARA Rules
1 report published · 0 malware families · 9 tags covered
blackrose@lab:~/samples$
$ file sample.exe
sample.exe: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
$ strings sample.exe | grep -i "http"
http://185.220.101[.]47/gate.php
$ python3 extract_config.py sample.exe
C2: 185.220.101[.]47:80
BuildID: RDL_2024_prod_v5
Steals: browsers, wallets, steam, discord, telegram
Mutex: RDL_MUTEX_5Xk2pQ
$ # Defanged IOCs — do not connect to live infrastructure
Analysis Toolkit
  • Static — PE-bear: PE header inspector and editor
  • Static — IDA: Hex-Rays interactive disassembler & decompiler
  • Static — DIE (Detect-It-Easy): packer/compiler detection
  • Dynamic — x64dbg: open-source debugger for Windows binaries
  • Dynamic — Procmon: process monitor for filesystem & registry activity
  • Network — Wireshark: packet capture and protocol analysis
  • OSINT — VirusTotal: multi-AV scanning and hash reputation
  • Sandbox — Any.run: interactive malware sandbox analysis
  • Rules — YARA: pattern matching for malware detection
  • Sandbox — VMware (Broadcom): isolated virtual environment
  • .NET — dnSpy: static & dynamic analysis for .NET Framework binaries
  • Dynamic — Procmon: Sysinternals Suite tool for process analysis
About
Background

I'm a computer engineering student with a strong focus on malware analysis and threat intelligence. Based in Turkey, I'm actively developing hands-on skills through self-directed research.

This site is where I publish my analysis work and detailed breakdowns of real malware samples, including behavioral analysis, IOC extraction, and MITRE ATT&CK mapping.

My goal is to learn in public, document my progress, and contribute useful intelligence back to the community.

Learning Path
  • Malware Analysis & Reverse Engineering — Self-study
  • MITRE ATT&CK Framework — Applied usage
  • Threat Intelligence fundamentals — OK
  • Flare-Learning-Hub — Ongoing
  • eLearnSecurity eMalware Analysis — Planned
Focus Areas

Commodity malware — Stealers, RATs, loaders, and ransomware that affect real users every day.

Threat actor TTPs — Understanding how adversaries operate beyond just the sample itself.

Contact

Have a sample to share, a collaboration idea, or just want to talk malware? Reach out.
Email: 0xblackrose@proton.me
Twitter: @LxlxIxlxlxL
Discord: @0xbl4ck