all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malware Analysis - Agniane Stealer, Native Stub to .NET Unpacking

Add to bookmarks
Aug. 19, 2023, 11:09 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

We trace API calls of a packed native file using hasherezade's tiny_tracer and discover that it unpacks a .NET payload. Using x64dbg we unpack the .NET assembly and find it unreadable, among others due to dr4k0nia's XOR string obfuscation.

Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel

Sample: https://bazaar.abuse.ch/sample/63af1bc6256086131314311b5908c85399b95dda6c4c6e84c8d77bd1b4d1fc43

tiny_tracer: https://github.com/hasherezade/tiny_tracer
PortexAnalyzerGUI: https://github.com/struppigel/PortexAnalyzerGUI/releases/tag/0.12.12
x64dbg: https://help.x64dbg.com/en/latest/
de4dot: https://github.com/de4dot/de4dot
dnSpy: https://github.com/dnSpyEx/dnSpy

analysis api assembly discover file find malware malware analysis obfuscation payload stealer trace unpack unpacking x64dbg xor

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

Triaging Files on VirusTotal 1 week, 6 days ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 1 month ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 1 month, 2 weeks ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 2 months, 1 week ago | www.youtube.com
binary binary ninja fix function +1
Malware Analysis - Unpacking AutoIt stub with large obfuscated script 3 months ago | www.youtube.com
analysis autoit decrypt decryption +14
Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 3 months, 1 week ago | www.youtube.com
analysis apt beginners binary +16
Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 4 months, 1 week ago | www.youtube.com
analysis code cons current +18
Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months, 3 weeks ago | www.youtube.com
agenttesla analysis box configuration +10
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 4 weeks ago | www.youtube.com
analysis archive binary deal +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs