Potential #DanaBot Loader - De-Obfuscation using CyberChef and Python.

Sample: bazaar.abuse.ch/sample/80aad66…

C2: 0/90 VT
Script: 5/59 VT

[1/5] 👇

#Regex #python #cyberchef #malware

[2/5] Note the initial script contains a large amount of junk comments to mask the "real" code.

These can be removed using #cyberchef and a short #regex.

Find and Replace
^(REM|').*\n

[3/5] There are some long junk numbers scattered throughout the code.

Personally, I decoded with Python and an eval inside of a safe VM.
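
Added example, not part of the thread: the comment-stripping step from [2/5] done in Python, with the thread's pattern next to a stricter variant and a helper that lists what each pattern would delete. It assumes a VBScript-style script (which the REM and ' markers suggest); the sample script, the stricter pattern and the function names are constructed for illustration.

```python
import re

# Pattern from the thread, compiled as written (case-sensitive) with
# multiline matching so that ^ anchors at every line start.
THREAD_RE = re.compile(r"^(REM|').*\n", re.MULTILINE)

# Stricter variant (assumption, not from the thread): allows indentation,
# any case of REM, CRLF endings and a last line with no newline, and needs
# a word boundary after REM so identifiers such as REMAINDER are kept.
# Comments that follow code on the same line are deliberately left alone.
STRICT_RE = re.compile(
    r"^[ \t]*(?:'|REM\b)[^\r\n]*(?:\r?\n|\Z)",
    re.MULTILINE | re.IGNORECASE,
)

def strip_junk_comments(script, pattern=STRICT_RE):
    """Return (cleaned_script, number_of_lines_removed)."""
    return pattern.subn("", script)

def removed_lines(script, pattern=STRICT_RE):
    """List the lines a pattern would delete, for review before trusting it."""
    return [m.group(0).rstrip("\r\n") for m in pattern.finditer(script)]

# Constructed sample: junk comments wrapped around three real statements.
SAMPLE = (
    "REM kq3 junk junk junk\r\n"
    "' zzzz filler text\r\n"
    "REMAINDER = 7 Mod 3\r\n"
    "   ' indented filler\r\n"
    "rem lowercase filler\r\n"
    "x = \"it's kept\"\r\n"
    "WScript.Echo REMAINDER & x\r\n"
    "' trailing filler without newline"
)

if __name__ == "__main__":
    for name, pat in (("thread", THREAD_RE), ("strict", STRICT_RE)):
        cleaned, count = strip_junk_comments(SAMPLE, pat)
        print(f"--- {name}: removed {count} line(s)")
        for line in removed_lines(SAMPLE, pat):
            print("    deleted:", line)
        print(cleaned)
```

On this sample the thread's pattern deletes the real `REMAINDER = 7 Mod 3` statement and leaves the indented, lowercase and final comment lines in place, so reviewing the deleted lines before continuing the analysis is worth the extra step.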