Suspicious/malicious file with binary encoded as base64 obfuscating as PNG image #85

Open
Oil3 opened this issue Dec 14, 2023 · 1 comment

Oil3 commented Dec 14, 2023

SberSwapInference.ipynb

What is this code, trying to pretend it's a PNG, hiding with base64 inside that file?

This is not cool at all.

http://www.hybrid-analysis.com/sample/7306e3871ed7f8d5cd5366755fb4407960706215c5925be05d231403a96f5700

It passed from suspicious 40% threat to malicious 80% when I told the sandbox to open a web browser.

The base 64 got me curious.
97% of the file size is base64 that's not a PNG despite saying it's a PNG.

What is it? I suspect the sandbox to be racist with anything sounding Slavic.

sebaro commented Mar 20, 2024

grep png SberSwapInference.ipynb | cut -d "\"" -f 4 | base64 -d > file.png
file
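
The check discussed in this thread, as an added example that is not part of either comment or of the project's code: it decodes every `image/png` output in a notebook's JSON, walks the PNG chunks with CRC verification, and reports any bytes left after `IEND`. The sample notebook and the helper names `chunk` and `cell` are constructed for illustration.

```python
import base64, struct, zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def png_report(blob):
    """Walk PNG chunks; return (well_formed, bytes_left_after_IEND_or_failure)."""
    if not blob.startswith(PNG_MAGIC):
        return False, len(blob)
    pos, first = len(PNG_MAGIC), None
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            break
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if zlib.crc32(blob[pos + 4:end - 4]) != crc:   # CRC covers type + data
            break
        first = first or ctype
        pos = end
        if ctype == b"IEND":
            return first == b"IHDR", len(blob) - pos
    return False, len(blob) - pos

def audit_notebook(nb):
    """Return (cell_index, decoded_size, well_formed, trailing_bytes) per image/png output."""
    results = []
    for i, c in enumerate(nb.get("cells", [])):
        for out in c.get("outputs", []):
            data = out.get("data", {}).get("image/png")
            if data is None:
                continue
            if isinstance(data, list):   # nbformat allows multi-line strings as lists
                data = "".join(data)
            blob = base64.b64decode(data)
            results.append((i, len(blob)) + png_report(blob))
    return results

def chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def cell(blob):
    return {"cell_type": "code", "outputs": [{"output_type": "display_data",
            "data": {"image/png": base64.b64encode(blob).decode()}}]}

# Constructed sample: a 1x1 grayscale PNG, the same PNG with bytes appended, and a non-PNG blob.
GOOD = (PNG_MAGIC + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
        + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
SAMPLE_NB = {"cells": [cell(GOOD), cell(GOOD + b"EXTRA-DATA"), cell(b"MZ\x90\x00 not a png")]}

if __name__ == "__main__":
    for row in audit_notebook(SAMPLE_NB):
        print(row)
```

For a real file, pass `json.load(open(path))` to `audit_notebook`; a well-formed result with zero trailing bytes means the blob is a structurally complete PNG and nothing more.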
