Skip to content

Instantly share code, notes, and snippets.

View cod3nym's full-sized avatar

Jonathan Peters cod3nym

32 followers · 15 following
View GitHub Profile
@cod3nym
cod3nym / hashes.txt
Created June 2, 2025 09:50
SHA256 for all Minecraft Rat samples I found on VT
6a201fc8696dc8ceff68c9829984b16e9994bc7c0a774bdd1859efec60f4d69b
44623c837caf40341d187b5b5e1486eaec2528d0af715310ddf6c1c4b7b9ccee
2ce1a9558cf1c45f19832af0fa9587bc29076009bfd2195aa64db4e2eef472eb
c3141c72e98fd48da3546217ada5e31b6786041bd0b24373ae91c9e36ee7a67d
12c9cca4b13fb5fa772ef2991afe06c25a3f7dca89dc2faf15b0bf6a22c15c92
9b60635bf858d1f432e726a029c7386ec6d17b2cc2e77845dc647200c7802312
d582c6bc50fa4f6c5a3f1e07ea33f61d4bd5276f76a66e65c68f5a57c3c1f511
000eed382ebec21a1f27a860cc52613cdd98fc36dd12d37bad15caeb36846d7f
8ca78f2eb59302102de3b8e471cd307513e655cfd0f872f27d2640eed0e3b4eb
f98916ba5138dd6f233023a3b9fe5e969a50bee3d7cfffb69900f4d1d39e02b6
@cod3nym
cod3nym / PupkinStealer.yar
Created April 30, 2025 15:29
rule PupkinStealer
{
meta:
description = "Detects Pupkin .NET Info-Stealer"
author = "Navneet, Jonathan Peters (cod3nym)"
date = "2025-04-28"
sample_hash = "9309003c245f94ba4ee52098dadbaa0d0a4d83b423d76c1bfc082a1c29e0b95f"
strings:
$x1 = "PupkinStealer" ascii wide // ascii and wide without extension to capture user strings and pdb paths etc.
$x2 = "@ardent.zip" wide // dotnet strings are wide
@cod3nym
cod3nym / bruteforce_crazycrackme,cs
Created January 5, 2025 16:38
Quick Decoding and Bruteforcing script for this crackme https://crackmy.app/crackmes/crazycrackme-by-thed0ublec-57395
// Key found: eMkcarCyzarCabYr
void Main()
{
string knownPart = new string(Decode("lIllllIIlIIIllIllIIllllIlIIIIlIllIIIIllIlIllllIIlIIIllIllIIllllIlIIlllIIlIIlIlIIlIllIIlIlIIllIlI").Reverse().ToArray());
int missingLength = 16 - knownPart.Length; // Length has to smaller or equal 16 and bigger than 8 see // Token: 0x0600000C RID: 12
BruteForceKey(knownPart, missingLength);
}
// Token: 0x06000009 RID: 9
@cod3nym
cod3nym / Deobfuscator.cs
Created November 18, 2023 19:43
Deobfuscator for Obfuscar compile as console app using new template - Requires AsmResolver.DotNet NuGet package
// See https://aka.ms/new-console-template for more information
using System.Text;
using AsmResolver;
using AsmResolver.DotNet;
using AsmResolver.PE.DotNet.Cil;
var deobfuscator = new Deobfuscator(args[0]);
deobfuscator.Process();