2 posts in tag Malware Analysis

Tracing network data back to encryption

16 Jul 2020 by Mathieu - REVEN - Reverse Engineering Malware Analysis Analysis API Taint REVEN

In this video, we demonstrate how REVEN makes it possible to connect data sent through the network with the code that generated it beforehand. In our case, this reveals a decryption routine in a malware. The first step is to reconstruct a usable PCAP file from the trace to explore...

Analysis of the Uroburos malware with REVEN

12 Jun 2019 by Luc and Mathieu - Technical - Reverse Engineering Malware Analysis Windows Kernel Demo REVEN

In this post, we present how Timeless Analysis can be used to analyze a few mechanisms of a Uroburos recent version. We use REVEN and its integration with Volatility and IDA to detect indicators of compromise, analyze the dropping mechanisms and circumvent tricks the malware uses to hide itself. The...