Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla
1.7 هزار بار بازدید -
8 ماه پیش
-
This is the sample that
This is the sample that we unpacked in the previous episode. It is obfuscated with .NETReactor. We use Shed to obtain decrypted strings and get an idea of what it is doing. Removing the obfuscation with NetReactorSlayer does not work out of the box. Is there a way we make it work to obtain the configuration values?
Tools: DnSpy, Shed, PortexAnalyzer, SystemInformer, NetReactorSlayer
Malware course: https://www.udemy.com/course/windows-...
Sample: https://malshare.com/sample.php?actio...
Twitter: Twitter: struppigel
00:00 Intro
00:25 Strings and DnSpy
03:37 Shed - decrypted string extraction
07:46 NetReactorSlayer first attempt
10:39 NetReactorSlayer second attempt
13:00 Config decoding
#dotnet #netreactor #malware #reverseengineering #agenttesla #malwareanalysis
Tools: DnSpy, Shed, PortexAnalyzer, SystemInformer, NetReactorSlayer
Malware course: https://www.udemy.com/course/windows-...
Sample: https://malshare.com/sample.php?actio...
Twitter: Twitter: struppigel
00:00 Intro
00:25 Strings and DnSpy
03:37 Shed - decrypted string extraction
07:46 NetReactorSlayer first attempt
10:39 NetReactorSlayer second attempt
13:00 Config decoding
#dotnet #netreactor #malware #reverseengineering #agenttesla #malwareanalysis
8 ماه پیش
در تاریخ 1402/08/20 منتشر شده
است.
1,719
بـار بازدید شده