Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware | allinfosecnews.com

Dec. 26, 2023, 7:14 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

We use abstract syntax tree manipulation, regex search and replace and dynamic analysis to deobfuscate and unpack GootLoader. Each method has its own pros and cons.
GootLoader is an initial infector written in JScript. Current samples feature up to five layers of packed and obfuscated code.

Malware Analysis course: https://www.udemy.com/course/windows-malware-analysis-for-hedgehogs-beginner-training/?couponCode=DA55C06ECB33D9DF6AC5

extract called functions: https://github.com/struppigel/hedgehog-tools/tree/main/ECMAScript%20helpers
gootloader unpacker: https://github.com/struppigel/hedgehog-tools/tree/main/gootloader
sample: https://bazaar.abuse.ch/sample/1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f/

Follow me on Twitter: https://twitter.com/struppigel

00:00 Introduction
00:26 First Layer - extract relevant functions
07:24 Regex deobfuscation
14:05 Abstract syntax tree …

analysis code cons current dynamic dynamic analysis feature gootloader introduction javascript javascript malware jscript malware malware analysis manipulation obfuscated obfuscated code own regex search unpack written

More from www.youtube.com / MalwareAnalysisForHedgehogs

Triaging Files on VirusTotal 1 week, 4 days ago | www.youtube.com

can depth files find +11

Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 1 month ago | www.youtube.com

analysis atom binary configuration +19

Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 1 month, 2 weeks ago | www.youtube.com

breakpoints debugger emulation encryption +7

Binary Ninja - Fix unresolved stack pointer 2 months ago | www.youtube.com

binary binary ninja fix function +1

Malware Analysis - Unpacking AutoIt stub with large obfuscated script 3 months ago | www.youtube.com

analysis autoit decrypt decryption +14

Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 3 months, 1 week ago | www.youtube.com

analysis apt beginners binary +16

Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 4 months ago | www.youtube.com

analysis code cons current +18

Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months, 2 weeks ago | www.youtube.com

agenttesla analysis box configuration +10

Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 3 weeks ago | www.youtube.com

analysis archive binary deal +15

Senior Security Researcher

@ Microsoft | Redmond, Washington, United States

View on infosec-jobs.com

Sr. Cyber Risk Analyst

@ American Heart Association | Dallas, TX, United States

View on infosec-jobs.com

Cybersecurity Engineer 2/3

@ Scaled Composites, LLC | Mojave, CA, US

View on infosec-jobs.com

Information Security Operations Manager

@ DP World | Charlotte, NC, United States

View on infosec-jobs.com

Sr Cyber Security Engineer I

@ Staples | Framingham, MA, United States

View on infosec-jobs.com

Security Engineer - Heartland (Remote)

@ GuidePoint Security LLC | Remote in the US

View on infosec-jobs.com