all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla

Add to bookmarks
Nov. 12, 2023, 7:43 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

This is the sample that we unpacked in the previous episode. It is obfuscated with .NETReactor. We use Shed to obtain decrypted strings and get an idea of what it is doing. Removing the obfuscation with NetReactorSlayer does not work out of the box. Is there a way we make it work to obtain the configuration values?

Tools: DnSpy, Shed, PortexAnalyzer, SystemInformer, NetReactorSlayer

Malware course: https://www.udemy.com/course/windows-malware-analysis-for-hedgehogs-beginner-training/?couponCode=CE8D957072A4B79B5EB2
Sample: https://malshare.com/sample.php?action=detail&hash=45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76

Twitter: https://twitter.com/struppigel

00:00 Intro
00:25 Strings and DnSpy
03:37 Shed - decrypted …

agenttesla analysis box configuration deobfuscation doing malware malware analysis obfuscated obfuscation sample shed strings work

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

How to deal with bloated malware #malwareanalysis #debloat #shorts 1 week, 1 day ago | www.youtube.com
deal malware malwareanalysis reverseengineering +2
Malware Analysis - D3f@ck loader from Inno Setup to JPHP 1 week, 5 days ago | www.youtube.com
analysis download engineer implementation +11
Reversing PyInstaller in 6 Steps #python #reverseengineering #pyinstaller #shorts 2 weeks, 6 days ago | www.youtube.com
decompile engineer extract file +8
Can PDFs be Malware? #malware #pdf #exploits #shorts 3 weeks, 2 days ago | www.youtube.com
can exploits malware pdf +4
Malware Simulators cannot test Antivirus Software 4 weeks ago | www.youtube.com
antivirus antivirus software capabilities malware +7
Triaging Files on VirusTotal 1 month, 1 week ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 2 months ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 2 months, 2 weeks ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 3 months, 1 week ago | www.youtube.com
binary binary ninja fix function +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com