> be United States government
> 1985
> have a bunch of people they want arrested
> idea.jpeg
> make fake company
> Flagship International Sports Television
> send invites to a bunch of people
> tickets to Washington Redskins FOR FREE!!!
> name it Operation Flagship
> mail tickets
> now_we_wait.mp4
> over 100 people show up for free tickets
> arrest them
> ez gg get rekt nerd
> pause
> fast forward
> 2026
> Drake doing concert tour thingy
> free tickets for women named "Janice"
> only in specific cities at specific times
> when Janice arrives must show government id
> Janice must be their legal first name
Probably not a United States government operation trying to identify and locate a fugitive or person they label an enemy of the United States. It is probably Drake just being silly and meme-y and wanting to ONLY INVITE women named Janice in New York, Los Angeles, Miami, Toronto, or Houston because of that oddly specific "Janice STFU" song he released previously this year.
inb4 "nah its just because of that oddly specific song he released, its just a meme"
"HoW CaN yOu bE aN eXpErT iF yoU rAn maLwaRe oN YouR PC???"
It's very shrimple.
1. I'm comfortable admitting my mistakes publicly in front of hundreds of thousands of people. If I make a mistake, small or catastrophic, I will admit it. I feel comfortable with my skill set. I open myself to criticism from everyone. No, obviously it does not feel good being called "retarded", "jackass", "skid", "moron", etc. by people, but it is what it is. If I do not open myself to criticism I will not improve. My success and failure also demonstrate what to do and what not to do. But seriously, sometimes I read some of these comments and I'm like, "dayum, theyre cookin me fr"
2. I am desensitized to malware. I am around it nonstop (writing, collecting, reversing) so I do things in a way I would not advise someone else to do. I feel comfortable doing really dangerous things with malware because I am familiar with how they work. Additionally, in the spirit of full disclosure, sometimes I don't like dealing with VMs because I feel like they slow me down.
video: when i make a mistake in front of 500,000 people and get called a retard by a bunch of ppl
439,000 people on X and 50,000 on Telegram, almost 500,000, whatever. Close enough.
Chat, we are cooking.
Previously on Dragon Ball Z, someone DM'd me a spoopy GitHub they found. They asked if it was malware. It was malware.
The GitHub contained HEAVILY obfuscated Lua. The malware payload is using Prometheus Obfuscator.
Upon review, it was determined this malware is SmartLoader. SmartLoader is a malware campaign heavily associated with Rhadamanthys Stealer and StealC Stealer.
SmartLoader is relatively new and is being tracked by AhnLab, Trend Micro, Hexastrike, McAfee, and the GitHub security team. It first emerged around March 2024.
SmartLoader is pretty sophisticated. It is multi-staged, uses Polygon Smart Contracts for C2 information retrieval, and despite being Lua, it also makes usage of NTDLL and makes low-level WINAPI function invocations. One interesting attribute also is it programmatically inflates or deflates its file size for pseudo-polymorphism. This is extremely cool.
I mention this, and the whole cookin' thing, because after I made a post complaining about the obfuscated Lua, a very, very, very gifted person in Lua obfuscation and de-obfuscation contacted me and successfully deobfuscated it. I don't know if they want credit or not, because they're so cool and badass, but they're extremely famous in the Roblox hacking scene.
Anyway, the de-obfuscation is so precise it borders on having the actual source code to SmartLoader. I am very happy. I will share it when I am not dealing with my baby.
I've almost reverse engineered the SmartLoader obfuscated code all the way down to a working source code
You can't hide behind Prometheus you little bitch
I'm sorry, SmartLoader malware campaign, I shouldn't have called you a little bitch. That is very rude of me.
I am just passionate and have spent some time working on it, so my emotions are high.
I love you.
My deepest condolences to my colleagues in Venezuela and those impacted by the recent earthquakes.
I wish I had more to offer other than words. I hope you're all doing well and I hope you're all safe.
> be SmartLoader
> big ass fuck off malware campaign
> tracked by dozens of anti malware companies
> heavily obfuscated lua
> bamboozles everyone
> me jimmies rustled
> team up with roblox cheater nerd
> reverse engineer it back to src
> (almost done)
https://gist.github.com/vxunderground/aaa6a88823afc83b4f8a73366694966d
SmartLoader de-obfuscated and cleaned up (almost done)