String Deobfuscation using SMT Solver

Most malware authors employ string obfuscation techniques to hide important strings from malware analysts. Usually, my approach to deobfuscating these strings would be to either execute the malware sample under a debugger or codify the decoding scheme in a high-level language like Python. These methods work well. Even if the malware employs anti-debugging techniques, they...


Using Steganography to Distribute Malware?

Steganography is a well-known concept. It involves hiding secret data inside another carrier file. In general, the carrier is usually an image, video or text file. Unlike encryption, steganography is not very obvious to detect - one cannot judge that steganography was used just by looking at an image or video or text file. It...

Threat Intelligence – ste.exe

In the last article about Threat Intelligence, we looked at a sample named login. Although it wasn’t a PE file, the HTML document gave us a fair amount of information. In this article, we’ll look at a malware sample, ste.exe, that I was able to acquire using the OSINT tool Daily-dose-of-malware. There were two domains which sourced […]