Beginner Malware Analysis: DCRat with dnSpy (Stream 03/06/2025)
In this stream we analyzed a DCRat .NET assembly with dnSpy, wrote Python automation to decrypt its configuration items, found additional samples with unpac.me and Yara, then tested our decryption script against additional samples.
Learn how to reverse engineer malware: https://training.invokere.com/
Notes: https://github.com/Invoke-RE/stream-notes/tree/main/dcrat
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
BlueSky: https://bsky.app/profile/invokereversing.bsky.social/
Mastodon: https://infosec.exchange/@invokereversing
Introduction 00:00
Global Setting Decryption 05:50
Anti-Analysis 14:38
Mutex Creation 17:47
Process Killing Thread 18:24
Privilege and BSOD Protection 20:59
Persistence 23:17
Clear Settings 27:46
AMSI Bypass 28:14
Command and Control 33:14
Camera Functionality 37:10
Hardware ID Generation 37:52
Information Collection 38:50
Decrypting Configuration Items with Cyberchef 40:19
Decrypting Configuration with Python dncil 53:15
Python Decryption Working with dncil 01:25:22
Testing Against Other Samples 01:26:48
Writing Yara to Find More Samples 01:29:26
Testing with AssemblyLine 01:33:37
Видео Beginner Malware Analysis: DCRat with dnSpy (Stream 03/06/2025) канала Invoke RE
Learn how to reverse engineer malware: https://training.invokere.com/
Notes: https://github.com/Invoke-RE/stream-notes/tree/main/dcrat
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
BlueSky: https://bsky.app/profile/invokereversing.bsky.social/
Mastodon: https://infosec.exchange/@invokereversing
Introduction 00:00
Global Setting Decryption 05:50
Anti-Analysis 14:38
Mutex Creation 17:47
Process Killing Thread 18:24
Privilege and BSOD Protection 20:59
Persistence 23:17
Clear Settings 27:46
AMSI Bypass 28:14
Command and Control 33:14
Camera Functionality 37:10
Hardware ID Generation 37:52
Information Collection 38:50
Decrypting Configuration Items with Cyberchef 40:19
Decrypting Configuration with Python dncil 53:15
Python Decryption Working with dncil 01:25:22
Testing Against Other Samples 01:26:48
Writing Yara to Find More Samples 01:29:26
Testing with AssemblyLine 01:33:37
Видео Beginner Malware Analysis: DCRat with dnSpy (Stream 03/06/2025) канала Invoke RE
Комментарии отсутствуют
Информация о видео
21 июня 2025 г. 21:56:10
01:35:19
Другие видео канала
Reverse Engineering with AI: Binary Ninja MCP Development Stream (20/05/2025)
x64dbg Christmas Theme
Stealer Malware Analysis Part 3 (Stream - 22/04/2025)
Exploring the Sliver and Havoc C2 Frameworks (Stream - 30-03-2024)
Introduction to Malware Binary Triage (Course Trailer)
Time Travel Debugging in Binary Ninja with Xusheng Li
Analyzing and Unpacking Qakbot Using Binary Ninja Automation Part 2
Malware Network Monitoring (Course Preview)
Golang Deobfuscation with Binary Ninja (Stream - 04/01/2025)
Binary Ninja Sidekick 2.0: Analyzing Ransomware with Large Language Models
Malware Loader Reverse Engineering with IDA Pro (Stream - 06/05/2025)
Binary Ninja Sidekick: Reverse Engineering Malware with Large Language Models
BRC4 Malware Analysis and Deobfuscation (Stream - 9/11/2024)
Introduction to Malware Binary Triage Course (Binary Ninja Edition)
IDA Hex-Rays Automation for BRC4 Obfuscation (Stream - 22/12/2024)
AI Malware Reverse Engineering with Binary Ninja MCP Server (Stream - 11/04/2025)
IMBT Binary Ninja Edition Teaser
Stealer Malware Analysis Part 2 (Stream - 15/04/2025)
Beginner Malware Analysis: Babuk Ransomware with IDA Pro (Stream - 13/05/2025)
Learning IDA Hex Rays Python API to Analyze Sliver Obfuscation (Stream - 21-06-2024)
