Malware Analysis - 3CX SmoothOperator ffmpeg.dll with Binary Ninja
Рет қаралды 2,900
Күн бұрын
@MalwareAnalysisForHedgehogs Жыл бұрын
We analyze the trojanized ffmpeg.dll that was used in the supply chain attack called SmoothOperator. Me mark up the decompiled code in Binary Ninja and decrypt the next stage. Buy me a coffee: ko-fi.com/struppigel Follow me on Twitter: twitter.com/struppigel Tools: Binary Ninja: binary.ninja/ PortexAnalyzerGUI: github.com/struppigel/PortexAnalyzerGUI/releases/tag/0.12.9 Sysinternals: learn.microsoft.com/en-us/sysinternals/downloads/strings Samples: ffmpeg: bazaar.abuse.ch/sample/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896 d3dcompiler_47.dll: bazaar.abuse.ch/sample/11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
@EvilSapphireR Жыл бұрын
Just found a sample in our AV company. Will complement my analysis with yours. Thank you!
@naveenjkondeti4214 Жыл бұрын
Great video, I wish I'm as fast as you.
@MalwareAnalysisForHedgehogs Жыл бұрын
I cut out very long silences so I am probably not as fast as you think. You can check out OALabs on Twitch for some live reversing to get a feel of the actual pace of reversing :D
@sven957 Жыл бұрын
love your videos!
@tonymack651 Жыл бұрын
Where can I get an infected msi file from?
@bhumiputra6108 Жыл бұрын
vx-underground
@MalwareAnalysisForHedgehogs Жыл бұрын
I did not upload it at malwarebazaar because it is too big for that. But it seems there is another page that can do that: tria.ge/230330-3nzfjshc2s
@tonymack651 Жыл бұрын
Thanks! You’re the best!
@bhumiputra6108 Жыл бұрын
I am a noob at malware analysis and lost you when you started renaming the functions. I still have no clue how you know where to look in the binary. Anyways would be watching this multiple time thanks for this informative video.
@MalwareAnalysisForHedgehogs Жыл бұрын
Thank you for your comment. You are welcome. It is not the best sample for beginners in reversing. You might want to get back at it later, then it will make more sense. A lot of the reversing process is pattern recognition which comes only with experience.
@_zproxy Жыл бұрын
have ye ever looked at tiberian sun game exe?
@MalwareAnalysisForHedgehogs Жыл бұрын
I haven't done game reversing so far
@_zproxy Жыл бұрын
@@MalwareAnalysisForHedgehogs have ye ever seen blowfish encryption being used?
@MalwareAnalysisForHedgehogs Жыл бұрын
@@_zproxy I do not specifically remember that. But that does not mean I haven't seen it. I am forgetful.
MalwareAnalysisForHedgehogs
Рет қаралды 1,1 М.
MalwareAnalysisForHedgehogs
Рет қаралды 2,3 М.