Malware Analysis - Deobfuscating Loyeetro Trojan-Spy

Published on Aug 16, 2017
The strings of this trojan-spy are obfuscated. We figure out that this is a monoalphabetic substitution cipher and patch the trojan to retrieve the substitution alphabet. Then we write a deobfuscation script with Python to make sense of the strings.

Follow me on Twitter: @struppigel
And MalwareBlocker: @Malware_Blocker

Unpacking Loyeetro: https://www.youtube.com/watch?v=iXY2a...
Monitoring Loyeetro (MalwareBlocker): https://www.youtube.com/watch?v=J3Whs...

Sample: https://www.hybrid-analysis.com/sampl...
x64dbg: https://x64dbg.com/
Notepad++: https://notepad-plus-plus.org/downloa...
Python: https://www.python.org/downloads/
Sysinternals Strings: https://docs.microsoft.com/en-us/sysi...
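The deobfuscation step the post describes, as an added example that is not the script from the video. Everything in it is constructed: the substitution table is derived from a made-up key ("Loyeetro7Spy") and is not the alphabet recovered from the sample, the hidden strings and the byte buffer are invented, and the keyword list used to judge which reading of a string is plausible is an assumption. The workflow is the one the post outlines: take the recovered plain/cipher alphabet pair (or infer it from obfuscated/cleartext pairs seen in the debugger), check that it really is a bijection, then run a Strings-style scan over the data and map every run through the inverse table.

```python
"""Decode strings hidden behind a monoalphabetic substitution cipher.

Added example, not the video's script. The table below is CONSTRUCTED
and is not Loyeetro's real alphabet: in a real analysis PLAIN/CIPHER are
whatever the patched sample dumps, or what learn_table() infers from
(obfuscated, decoded) pairs observed in x64dbg.
"""
import re
import string

PLAIN = string.ascii_letters + string.digits


def keyed_alphabet(plain: str, key: str) -> str:
    """Fabricate a substitution alphabet: key symbols first (deduplicated,
    in order), then the rest of `plain`. Only used to build the demo table."""
    seen = []
    for ch in key + plain:
        if ch in plain and ch not in seen:
            seen.append(ch)
    return "".join(seen)


# Hypothetical stand-in for the table read out of the patched binary.
CIPHER = keyed_alphabet(PLAIN, "Loyeetro7Spy")


def build_tables(plain: str, cipher: str):
    """Return (encode, decode) maps after checking the table is a bijection.
    A length mismatch or repeated symbols mean the wrong buffer was dumped,
    or the scheme is not a simple monoalphabetic substitution after all."""
    if len(plain) != len(cipher):
        raise ValueError("alphabet lengths differ: %d vs %d" % (len(plain), len(cipher)))
    if len(set(plain)) != len(plain) or len(set(cipher)) != len(cipher):
        raise ValueError("alphabet contains repeated symbols")
    enc = dict(zip(plain, cipher))
    dec = {c: p for p, c in enc.items()}
    return enc, dec


def substitute(text: str, table: dict) -> str:
    """Map each symbol through `table`; symbols outside the alphabet
    ('.', '\\', ':', '/') pass through unchanged in this constructed scheme."""
    return "".join(table.get(ch, ch) for ch in text)


def learn_table(pairs):
    """Infer a decode map from (obfuscated, cleartext) pairs, e.g. a buffer
    before and after the decoding routine runs. A symbol that decodes two
    different ways contradicts the monoalphabetic model."""
    dec = {}
    for obf, clear in pairs:
        if len(obf) != len(clear):
            raise ValueError("length mismatch, not a substitution cipher: %r" % obf)
        for c, p in zip(obf, clear):
            if dec.setdefault(c, p) != p:
                raise ValueError("symbol %r maps to both %r and %r" % (c, dec[c], p))
    return dec


def extract_strings(data: bytes, min_len: int = 4):
    """Sysinternals-Strings-style scan for printable ASCII runs."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pat.finditer(data)]


# Assumed list of substrings common in malware strings; tune per sample.
KEYWORDS = ("dll", "http", "software", "microsoft", "windows",
            "get", "proc", "load", "reg", "temp", "exe")


def plausibility(s: str) -> int:
    """Crude score used to pick between the raw and the decoded reading:
    decoding a string that was never obfuscated just produces gibberish."""
    low = s.lower()
    return sum(low.count(k) for k in KEYWORDS)


def deobfuscate_blob(data: bytes, dec: dict, min_len: int = 4):
    """Return (offset, raw, decoded, best_reading) for every string in `data`."""
    out = []
    for off, raw in extract_strings(data, min_len):
        decoded = substitute(raw, dec)
        best = decoded if plausibility(decoded) > plausibility(raw) else raw
        out.append((off, raw, decoded, best))
    return out


# Constructed strings standing in for what a trojan-spy hides.
SECRETS = [
    "kernel32.dll",
    "GetProcAddress",
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "http://example.invalid/gate.php",
]


def build_sample(enc: dict) -> bytes:
    """Constructed .data-like buffer: obfuscated strings, one string left in
    clear, and non-printable filler, all NUL-separated."""
    parts = [b"\x00" * 8]
    for s in SECRETS:
        parts.append(substitute(s, enc).encode("ascii") + b"\x00")
    parts.append(b"LoadLibraryA\x00")     # deliberately not obfuscated
    parts.append(bytes(range(1, 0x20)))   # filler the scanner must skip
    return b"".join(parts)


if __name__ == "__main__":
    enc, dec = build_tables(PLAIN, CIPHER)
    for off, raw, decoded, best in deobfuscate_blob(build_sample(enc), dec):
        print("0x%04x  %-48s -> %s" % (off, raw, best))
```

Two checks matter more than the decoding loop itself: `build_tables` refuses a table that is not a permutation, which is the quickest way to notice that the wrong buffer was dumped, and `deobfuscate_blob` keeps the raw form when the decoded one scores no better, so strings the author never obfuscated are not turned into noise. On a real sample, replace `PLAIN`/`CIPHER` with the recovered alphabet, point `extract_strings` at the unpacked image, and widen the scanner to UTF-16 if the sample stores wide strings.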