all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery

Add to bookmarks
Jan. 20, 2024, 7:59 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

We create a C2 extractor for APT malware Kopiluwak. For that we need to unpack two layers of code (JScript, VBA) and remove the slight obfuscation. The sample is suitable for beginners who want to train their RE skills with JScript, VBA and C2 extraction. You find the sample download below.

Malware Analysis course: https://www.udemy.com/course/windows-malware-analysis-for-hedgehogs-beginner-training/?couponCode=F880CDBE6684E44EB9F8

binary refinery: https://github.com/binref/refinery
oletools: https://github.com/decalage2/oletools
sample: https://bazaar.abuse.ch/sample/2299ff9c7e5995333691f3e68373ebbb036aa619acd61cbea6c5210490699bb6/
kopiluwak on malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/js.kopiluwak

Follow me on Twitter: https://twitter.com/struppigel

00:00 Intro
01:30 Triage
02:28 VBA extraction and deobfuscation …

analysis apt beginners binary code extraction find jscript malware malware analysis obfuscation refinery remove sample skills suitable train turla unpack vba

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

Triaging Files on VirusTotal 1 week, 4 days ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 1 month ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 1 month, 2 weeks ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 2 months ago | www.youtube.com
binary binary ninja fix function +1
Malware Analysis - Unpacking AutoIt stub with large obfuscated script 3 months ago | www.youtube.com
analysis autoit decrypt decryption +14
Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 3 months, 1 week ago | www.youtube.com
analysis apt beginners binary +16
Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 4 months ago | www.youtube.com
analysis code cons current +18
Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months, 2 weeks ago | www.youtube.com
agenttesla analysis box configuration +10
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 3 weeks ago | www.youtube.com
analysis archive binary deal +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs