all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla

Add to bookmarks
Nov. 12, 2023, 7:43 a.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

This is the sample that we unpacked in the previous episode. It is obfuscated with .NETReactor. We use Shed to obtain decrypted strings and get an idea of what it is doing. Removing the obfuscation with NetReactorSlayer does not work out of the box. Is there a way we make it work to obtain the configuration values?

Tools: DnSpy, Shed, PortexAnalyzer, SystemInformer, NetReactorSlayer

Malware course: https://www.udemy.com/course/windows-malware-analysis-for-hedgehogs-beginner-training/?couponCode=CE8D957072A4B79B5EB2
Sample: https://malshare.com/sample.php?action=detail&hash=45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76

Twitter: https://twitter.com/struppigel

00:00 Intro
00:25 Strings and DnSpy
03:37 Shed - decrypted …

agenttesla analysis box configuration deobfuscation doing malware malware analysis obfuscated obfuscation sample shed strings work

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

Triaging Files on VirusTotal 1 week ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 3 weeks, 6 days ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 1 month, 1 week ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 2 months ago | www.youtube.com
binary binary ninja fix function +1
Malware Analysis - Unpacking AutoIt stub with large obfuscated script 3 months ago | www.youtube.com
analysis autoit decrypt decryption +14
Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 3 months, 1 week ago | www.youtube.com
analysis apt beginners binary +16
Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 4 months ago | www.youtube.com
analysis code cons current +18
Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months, 2 weeks ago | www.youtube.com
agenttesla analysis box configuration +10
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 3 weeks ago | www.youtube.com
analysis archive binary deal +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States
View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY
View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote
View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada
View on infosec-jobs.com
View more jobs