The diary entry "Fileless Malicious PowerShell Sample" (https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081) helped me with some malware I am analyzing; however, I have gotten to the second part of the post, where the embedded code needs to be disassembled to understand what is going on.
The anonymous poster in this entry shared the disassembled code. I have a basic understanding of assembly language but not this level.
Could someone share how you find the IP address from the given line?
0x000000b2 6802000a98 push 0x980a0002 --> IP 220.127.116.11:2712
Apr 15th 2020
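Added example (not part of the original post or the diary's code): decoding the quoted instruction bytes as the start of a sockaddr_in structure. The four immediate bytes of `6802000a98` hold only the address family and port, so the IPv4 octets sit in a separate push imm32. Assumptions: the shellcode builds a sockaddr_in on the stack with two push imm32 instructions; the address push is not shown in the post, so `SAMPLE_ADDR_PUSH` is a constructed sample using a documentation address, and all function names are hypothetical.

```python
import socket
import struct

PUSH_IMM32 = 0x68  # x86 opcode: push imm32 (immediate is stored little-endian)


def push_imm32_bytes(insn: bytes) -> bytes:
    """Return the 4 immediate bytes of a `push imm32` in memory order."""
    if len(insn) != 5 or insn[0] != PUSH_IMM32:
        raise ValueError("not a 5-byte push imm32 instruction")
    return insn[1:5]


def decode_family_port(insn: bytes) -> tuple[int, int]:
    """Decode the first 4 bytes of a sockaddr_in: sin_family, sin_port."""
    raw = push_imm32_bytes(insn)
    (family,) = struct.unpack("<H", raw[:2])  # host order (little-endian on x86)
    (port,) = struct.unpack(">H", raw[2:])    # network order (big-endian)
    return family, port


def decode_ipv4(insn: bytes) -> str:
    """Decode sin_addr: the immediate bytes are the octets, first to last."""
    return socket.inet_ntoa(push_imm32_bytes(insn))


def decode_sockaddr(addr_push: bytes, family_port_push: bytes) -> str:
    """Combine the two pushes into 'a.b.c.d:port', checking the family."""
    family, port = decode_family_port(family_port_push)
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    return f"{decode_ipv4(addr_push)}:{port}"


# Instruction bytes from the line quoted in the post.
POST_LINE = bytes.fromhex("6802000a98")
# Constructed sample (assumption): a push carrying 192.0.2.10, a documentation address.
SAMPLE_ADDR_PUSH = bytes.fromhex("68c000020a")

if __name__ == "__main__":
    print(decode_family_port(POST_LINE))
    print(decode_sockaddr(SAMPLE_ADDR_PUSH, POST_LINE))
```

The disassembler prints the immediate as 0x980a0002 because it reads the four bytes as one little-endian integer; in memory they remain 02 00 0a 98, which is why the port appears byte-swapped in the listing.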