Research, Analysis & Reverse Engineering Lab
A collection of malware analysis notes, write-ups, and technical breakdowns.
This repository is a curated archive of malware research and reverse engineering documentation.
Each variant directory contains:
- Static and/or dynamic analysis of the variant
- Indicators of compromise (IOCs)
- Behavioral and network observations (if applicable)
- Disassembly and decompilation analysis
The goal: to examine real-world malware through methodical investigation and to expand my binary analysis and execution-chain analysis skillset. This project/blog is inspired by the blogs listed below, among others. I highly recommend reading any of their posts!
- L0psec (Chris Lopze) - Especially for macOS malware analysis
- Russian Panda - Just great blogs
- Embee Research - CyberChef God
- Jai Minton - Great at verbally explaining analysis
- Bar Magnezi - Great analysis and includes solid analysis tips
For more researchers and reading opportunities, check out reading.md.
⚡Current focus: CaminhoStealer to DcRat Infection Chain
malware-analysis/
├── README.md
├── Emotet/
│ ├── emotet_artefacts.zip
│ └── README.md
├── AgentTesla/
│ ├── agenttesla_artefacts.zip
│ └── README.md
├── _docs/
│ └── toolset.md
└── _scripts/
⚠️ WARNING:
If you choose to analyze malware samples yourself, always do so in a secure, isolated environment.
Run all tests inside a dedicated sandbox or virtual machine with no access to production networks, shared folders, or sensitive data.
Disable internet connectivity unless you’re using a controlled emulation framework (e.g., FakeNet-NG or INetSim).
Treat every file as potentially dangerous — even those obtained from reputable sources — and never execute malware on your host system.