all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malware Analysis - Creating a C2 URL decrypter for 3CX SmoothOperator Icons

Add to bookmarks
April 6, 2023, 9:25 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

To obtain more IoCs we analyse the second stage DLL that we decrypted in the first 3CX video. Then we create a CyberChef recipie that extracts and decrypts the C2 URLs. Afterwards we convert this recipie to a binary refinery snippet which allows us to do the same from the command line for all of the icons.

Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel

Samples:
Icons: https://bazaar.abuse.ch/sample/2b5758f388027c53af132a2c7b28b3448b9869a81a5ce134c78330a3c31181f5/
3CXDesktopApp.msi: https://tria.ge/230330-3nzfjshc2s
ffmpeg: https://bazaar.abuse.ch/sample/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
d3dcompiler_47.dll: https://bazaar.abuse.ch/sample/11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03

Infection chain graphic: https://twitter.com/fr0gger_/status/1641668394155151366 …

3cx analysis binary command command line current cyberchef decrypter decryption dll function icon iocs key malware malware analysis recap shellcode stage url urls video

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

How to deal with bloated malware #malwareanalysis #debloat #shorts 1 week, 1 day ago | www.youtube.com
deal malware malwareanalysis reverseengineering +2
Malware Analysis - D3f@ck loader from Inno Setup to JPHP 1 week, 6 days ago | www.youtube.com
analysis download engineer implementation +11
Reversing PyInstaller in 6 Steps #python #reverseengineering #pyinstaller #shorts 2 weeks, 6 days ago | www.youtube.com
decompile engineer extract file +8
Can PDFs be Malware? #malware #pdf #exploits #shorts 3 weeks, 2 days ago | www.youtube.com
can exploits malware pdf +4
Malware Simulators cannot test Antivirus Software 4 weeks, 1 day ago | www.youtube.com
antivirus antivirus software capabilities malware +7
Triaging Files on VirusTotal 1 month, 1 week ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 2 months ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 2 months, 2 weeks ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 3 months, 1 week ago | www.youtube.com
binary binary ninja fix function +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com