all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malware Analysis - Creating a C2 URL decrypter for 3CX SmoothOperator Icons

Add to bookmarks
April 6, 2023, 9:25 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

To obtain more IoCs we analyse the second stage DLL that we decrypted in the first 3CX video. Then we create a CyberChef recipie that extracts and decrypts the C2 URLs. Afterwards we convert this recipie to a binary refinery snippet which allows us to do the same from the command line for all of the icons.

Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel

Samples:
Icons: https://bazaar.abuse.ch/sample/2b5758f388027c53af132a2c7b28b3448b9869a81a5ce134c78330a3c31181f5/
3CXDesktopApp.msi: https://tria.ge/230330-3nzfjshc2s
ffmpeg: https://bazaar.abuse.ch/sample/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
d3dcompiler_47.dll: https://bazaar.abuse.ch/sample/11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03

Infection chain graphic: https://twitter.com/fr0gger_/status/1641668394155151366 …

3cx analysis binary command command line current cyberchef decrypter decryption dll function icon iocs key malware malware analysis recap shellcode stage url urls video

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

Triaging Files on VirusTotal 1 week, 5 days ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 1 month ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 1 month, 2 weeks ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 2 months, 1 week ago | www.youtube.com
binary binary ninja fix function +1
Malware Analysis - Unpacking AutoIt stub with large obfuscated script 3 months ago | www.youtube.com
analysis autoit decrypt decryption +14
Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 3 months, 1 week ago | www.youtube.com
analysis apt beginners binary +16
Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 4 months ago | www.youtube.com
analysis code cons current +18
Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months, 2 weeks ago | www.youtube.com
agenttesla analysis box configuration +10
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 3 weeks ago | www.youtube.com
analysis archive binary deal +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Data Privacy Manager m/f/d)

@ Coloplast | Hamburg, HH, DE
View on infosec-jobs.com

Cybersecurity Sr. Manager

@ Eastman | Kingsport, TN, US, 37660
View on infosec-jobs.com

KDN IAM Associate Consultant

@ KPMG India | Hyderabad, Telangana, India
View on infosec-jobs.com

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

@ Bosch Group | Stuttgart, Germany
View on infosec-jobs.com

Senior Security Engineer - SIEM

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs