I often use command-line tools for malware analysis, like for the BASE64/XOR decoding I did in my last diary entry. Of course, there are alternatives if you prefer a tool with a graphical user interface, such as the online tool CyberChef.

Here I'm illustrating how I use CyberChef to decode the obfuscated URL from last diary entry's sample.

First I drag-and-drop the "From BASE64" operation to the recipe.

Then I provide the obfuscated URL (IDc1O2ltbFs9KCc9JjZbPi5DNSZiNicqbC00ITQsI0YiXCItXjo4V2gqSlY=) as input.

Finally I drag-and-drop the "XOR" operation to the recipe, and provide the key (HCAKSBC2PIUVCB2PI3GILUHGCIUGUYO2F3UC2UY3FO23OUYCF32OYUDHOYGU32FVYUO23GF) as UTF8 text.
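The same two-step recipe (From BASE64, then XOR with the key as UTF8 text) as a short Python script, for readers who want to reproduce the result offline. This is an added example, not code from the diary entry; the function names are assumptions, and the output is defanged before printing so it cannot be clicked by accident.

```python
import base64
from itertools import cycle

# Input and key copied verbatim from the diary entry above.
OBFUSCATED = "IDc1O2ltbFs9KCc9JjZbPi5DNSZiNicqbC00ITQsI0YiXCItXjo4V2gqSlY="
KEY = "HCAKSBC2PIUVCB2PI3GILUHGCIUGUYO2F3UC2UY3FO23OUYCF32OYUDHOYGU32FVYUO23GF"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (the key wraps if shorter than data)."""
    if not key:
        raise ValueError("XOR key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def decode(obfuscated: str, key: str) -> bytes:
    """Recipe step 1: From BASE64. Recipe step 2: XOR with the UTF8 key."""
    # validate=True rejects characters outside the Base64 alphabet instead
    # of silently skipping them, so a mangled copy/paste fails loudly.
    raw = base64.b64decode(obfuscated, validate=True)
    return xor_bytes(raw, key.encode("utf-8"))


def defang(decoded: bytes) -> str:
    """Render the decoded bytes as text that is safe to paste into a report."""
    # backslashreplace keeps non-ASCII bytes visible, which is a quick hint
    # that the key or the encoding layer was wrong.
    text = decoded.decode("ascii", errors="backslashreplace")
    return text.replace("http", "hxxp", 1).replace(".", "[.]")


if __name__ == "__main__":
    print(defang(decode(OBFUSCATED, KEY)))
```
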
Didier Stevens
ISC Handler, Oct 16th 2018