Malware Analysis - 3CX SmoothOperator ffmpeg.dll with Binary Ninja | allinfosecnews.com

April 3, 2023, 12:20 p.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

We analyze the trojanized ffmpeg.dll that was used in the supply chain attack called SmoothOperator. Me mark up the decompiled code in Binary Ninja and decrypt the next stage.

Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel

Tools:
Binary Ninja: https://binary.ninja/
PortexAnalyzerGUI: https://github.com/struppigel/PortexAnalyzerGUI/releases/tag/0.12.9
Sysinternals: https://learn.microsoft.com/en-us/sysinternals/downloads/stringsSamples:ffmpeg: https://bazaar.abuse.ch/sample/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896

d3dcompiler_47.dll: https://bazaar.abuse.ch/sample/11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03

00:00 Intro
00:36 Bleepingcomputer article
03:03 3CXDesktopApp.msi unpacking
03:50 Finding the malicious code
09:00 Marking up the code in Binary Ninja
19:24 Certificate parser markup
30:51 Decryption function
33:31 Unpacking …

3cx 3cxdesktopapp analysis article attack binary binary ninja bleepingcomputer called certificate code decrypt decryption dll ffmpeg function malicious malware malware analysis mark markup msi stage supply supply chain supply chain attack tools unpacking

More from www.youtube.com / MalwareAnalysisForHedgehogs

Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 2 weeks, 1 day ago | www.youtube.com

analysis atom binary configuration +19

Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 4 weeks, 2 days ago | www.youtube.com

breakpoints debugger emulation encryption +7

Binary Ninja - Fix unresolved stack pointer 1 month, 3 weeks ago | www.youtube.com

binary binary ninja fix function +1

Malware Analysis - Unpacking AutoIt stub with large obfuscated script 2 months, 2 weeks ago | www.youtube.com

analysis autoit decrypt decryption +14

Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 2 months, 3 weeks ago | www.youtube.com

analysis apt beginners binary +16

Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 3 months, 3 weeks ago | www.youtube.com

analysis code cons current +18

Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months ago | www.youtube.com

agenttesla analysis box configuration +10

Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 1 week ago | www.youtube.com

analysis archive binary deal +15

Hiding .NET IL code from DnSpy with R2R Stomping 6 months ago | www.youtube.com

antivirus binary called code +6

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Strategic Portfolio Leader - Communications and Electronic Warfare

@ Babcock | Bristol, GB, BS16 1EJ

View on infosec-jobs.com

Senior Security Analyst (GRC)

@ ASOS | London, United Kingdom

View on infosec-jobs.com

Ingénieur(e) Réseaux et Firewalling Cybersécurité - Toulouse

@ Sopra Steria | Colomiers, France

View on infosec-jobs.com

Security Lead - Malaysia

@ Control Risks | Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

View on infosec-jobs.com

Cyber Security Engineer

@ Ecolab | IND-Bengaluru

View on infosec-jobs.com