Malware Analysis - Agniane Stealer, Native Stub to .NET Unpacking | allinfosecnews.com

Aug. 19, 2023, 11:09 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

We trace API calls of a packed native file using hasherezade's tiny_tracer and discover that it unpacks a .NET payload. Using x64dbg we unpack the .NET assembly and find it unreadable, among others due to dr4k0nia's XOR string obfuscation.

Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel

Sample: https://bazaar.abuse.ch/sample/63af1bc6256086131314311b5908c85399b95dda6c4c6e84c8d77bd1b4d1fc43

tiny_tracer: https://github.com/hasherezade/tiny_tracer
PortexAnalyzerGUI: https://github.com/struppigel/PortexAnalyzerGUI/releases/tag/0.12.12
x64dbg: https://help.x64dbg.com/en/latest/
de4dot: https://github.com/de4dot/de4dot
dnSpy: https://github.com/dnSpyEx/dnSpy

analysis api assembly discover file find malware malware analysis obfuscation payload stealer trace unpack unpacking x64dbg xor

More from www.youtube.com / MalwareAnalysisForHedgehogs

How to deal with bloated malware #malwareanalysis #debloat #shorts 1 week, 1 day ago | www.youtube.com

deal malware malwareanalysis reverseengineering +2

Malware Analysis - D3f@ck loader from Inno Setup to JPHP 1 week, 6 days ago | www.youtube.com

analysis download engineer implementation +11

Reversing PyInstaller in 6 Steps #python #reverseengineering #pyinstaller #shorts 3 weeks ago | www.youtube.com

decompile engineer extract file +8

Can PDFs be Malware? #malware #pdf #exploits #shorts 3 weeks, 2 days ago | www.youtube.com

can exploits malware pdf +4

Malware Simulators cannot test Antivirus Software 4 weeks, 1 day ago | www.youtube.com

antivirus antivirus software capabilities malware +7

Triaging Files on VirusTotal 1 month, 1 week ago | www.youtube.com

can depth files find +11

Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 2 months ago | www.youtube.com

analysis atom binary configuration +19

Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 2 months, 2 weeks ago | www.youtube.com

breakpoints debugger emulation encryption +7

Binary Ninja - Fix unresolved stack pointer 3 months, 1 week ago | www.youtube.com

binary binary ninja fix function +1

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com