Empowering Malware Analysis with IDA AppCall
sbc-vn
3,340 views
61 slides
Oct 03, 2024
Slide 1 of 61
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
About This Presentation
Empowering Malware Analysis
with IDA AppCall
Slide Content
Empowering Malware Analysis
with IDA AppCall
m4n0w4r
10/1/2024 1
#Security_Bootcamp_2024 #Phú_Quốc
with IDA AppCall
m4n0w4r
10/1/2024 1
#Security_Bootcamp_2024 #Phú_Quốc
#Wh0_4m_1?
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 2
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 2
What we will cover
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 3
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 3
Summary of Appcall in IDA (1)
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 4
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 4
Summary of Appcall in IDA (2)
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 5
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 5
A simple example (1)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 6
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 6
A simple example (2)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 7
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 7
A simple example (3)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 8
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 8
A Great Explanation Video
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 9
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 9
Quote Of The Day
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 10
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 10
LOKIBOT
10/1/2024 11
10/1/2024 11
LokiBot (1)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 12
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 12
LokiBot (2)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 13
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 13
Our analysis
Reversing
LokiBot
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 14
Reversing
LokiBot
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 14
LokiBot Infection Chain
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 15
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 15
Dynamic Resolve API Functions
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 16
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 16
Hardcore Reverser –try hard to understand logic
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 17
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 17
Hardcore Reverser –reimplement code
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 18
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 18
Extreme Reverser –try to find lazy way
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 19
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 19
Recover API Name with IDA AppCall (1)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 20
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 20
Recover API Name with IDA AppCall (2)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 21
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 21
Recover API Name with IDA AppCall (3)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 22
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 22
Recover API Name with IDA AppCall (4)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 23
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 23
Result
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 24
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 24
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 25
Our analysis
EMOTET
10/1/2024 26
EMOTET
10/1/2024 26
For those who don’t know (1)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 27
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 27
For those who don’t know (2)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 28
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 28
For those who don’t know (3)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 29
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 29
For those who don’t know (4)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 30
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 30
For those who don’t know (5)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 31
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 31
For those who don’t know (6)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 32
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 32
For those who don’t know (7)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 33
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 33
And Meme Everywhere…
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 34
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 34
For those who don’t know (8)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 35
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 35
From “Dong Lao” with Love
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 36
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 36
From “Dong Lao” with Love
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 37
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 37
Our analysis
Reversing
Emotet
10/1/2024 38
Reversing
Emotet
10/1/2024 38
Reversing Engineering Emotet
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 39
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 39
Context (1)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 40
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 40
Context (2)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 41
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 41
Decrypt Strings
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 42
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 42
Decrypt Strings (1)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 43
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 43
Decrypt Strings (2)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 44
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 44
Decrypt Strings (3) (Pseudocode)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 45
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 45
Decrypt Strings (4) (Verify)
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 46
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 46
Decrypt Strings (5) (Solution?)
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 47
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 47
Recover Original Strings with IDA AppCall(1)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 48
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 48
Recover Original Strings with IDA AppCall(2)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 49
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 49
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 50
Extract C2s Configuration (1)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 51
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 51
Extract C2s Configuration (2)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 52
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 52
Extract C2s Configuration (3)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 53
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 53
Extract C2s Configuration (4)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 54
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 54
Automate Extract C2s using IDA AppCall(1)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 55
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 55
Automate Extract C2s using IDA AppCall(2)
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 56
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 56
Automate Extract C2s using IDA AppCall(3)
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 57
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 57
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 58
Resources
•
•
•
•
•
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 59
•
•
•
•
•
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 59
Resources
•
•
•
•
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 60
•
•
•
•
•
•
•
•
10/1/2024 Empowering Malware Analysis with IDA AppCall Feature 60
End…
10/1/2024 61
10/1/2024 61
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 3,340
- Slides 61
- Age 425 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views