https://hexpysya.github.io/tags/fileless-malware/Recent content in Fileless Malware on bubka hacks stuffHugo -- gohugo.ioen-usTue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-shadowroast/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-shadowroast/A masqueraded AdobeUpdater.exe binary established persistence via a registry Run key, injected into cmd.exe, performed AS-REP Roasting with Rubeus against four AD accounts, laterally moved to FileServer using cracked tcooper credentials, enabled RDP, and staged share data for exfiltration.https://hexpysya.github.io/blue_team/ld-soc153---suspicious-powershell-script-executed/Sat, 14 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-soc153---suspicious-powershell-script-executed/User Tony downloaded and executed a malicious PowerShell script (payload_1.ps1 / agent3.ps1) classified as trojan.powershell/boxter (Azorult family). The script bypassed execution policy, then fetched and invoked a second-stage payload from kionagranada.com (161.22.46.148), establishing a two-stage C2 chain with a final pivot to 91.236.116.163.