Malware Analysis Guides

Malware Analysis Guides

How to Use Process Hacker and DnSpy to Unpack .NET Malware

Unpacking an Asyncrat loader using Process Hacker and Dnspy

Malware Analysis Guides

Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell

Decoding a Remcos Loader, leveraging regex, python and Cyberchef to identify IOCs.

Malware Analysis Guides

Understanding and Improving The Ghidra UI for Malware Analysis

Improving Malware Analysis Workflows by Modifying the default Ghidra UI.

Malware Analysis Guides

Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation

Manually decoding a Cobalt Strike .vbs Loader utilising advanced CyberChef and Shellcode Emulation.

Malware Analysis Guides

Cobalt Strike Malware Analysis With CyberChef and Emulation - .HTA Loader Example

Decoding a .hta script with CyberChef and analysing Shellcode with the SpeakEasy Emulator.

Malware Analysis Guides

Ghidra Tutorial - Using Entropy To Locate Cobalt Strike Decryption Functions

Using Ghidra Entropy Analysis to Identify a decryption function.

Malware Analysis Guides

How To Decode Visual Basic (.vbs) Malware - DarkGate Loader

Demonstrating basic techniques for decoding a darkgate .vbs loader.

Malware Analysis Guides

How To Write a Simple Configuration Extractor For .NET Malware - RevengeRAT

Introduction to dotnet configuration extraction. Leveraging RevengeRat and Python.

Malware Analysis Guides

Code Snippets For Dotnet Configuration Extractors

Useful code snippets for developing dotnet configuration extractors.

Malware Analysis Guides

AgentTesla Malware Analysis - How To Resolve API Hashes With Conditional Breakpoints

Analysis of a Multi-Stage Loader for AgentTesla. Covering Ghidra, Dnspy, X32dbg, API Hashing and more!

Malware Analysis Guides

Amadey Bot Malware Analysis - Static Analysis and C2 Extraction With Ghidra and x64Dbg

Using manual analysis to extract Amadey C2 information with Ghidra and x32dbg

Malware Analysis Guides

Dcrat Malware Analysis - How to Manually Decode a 3-Stage Malware Sample

Manual analysis and deobfuscation of a .NET based Dcrat. Touching on Custom Python Scripts, Cyberchef and .NET analysis with Dnspy.