https://hexpysya.github.io/tags/elf64/Recent content in ELF64 on bubka hacks stuffHugo -- gohugo.ioen-usSun, 15 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-lockpick3.0/Sun, 15 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-lockpick3.0/A ELF64 ransomware binary uses XOR string obfuscation keyed on a CLI passphrase, contacts a DigitalOcean C2 to register and retrieve an AES-256-CBC key and IV, recursively encrypts target files in /share/ renaming them to .24bes, exfiltrates the originals via HTTP PUT, zeroes and removes the source files, and installs a systemd service for persistence.