Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
m4n0w4r Profile picture
m4n0w4r
@kienbigmummy
Work hard in silence , let success make the noise.
Apr 23, 2021 4 tweets 3 min read
Diving into the #Lazarus sample that mentioned in nice blog tinyurl.com/mdyxr8m3. I recognized it uses 2 custom algorithms for decoding strings.
- 1st is modified RC4 to decrypt API functions name.
- 2nd is custom algo to decrypt C2 urls and user agent strings (1/4) For decrypting API functions name, it decode base64 string and call modified rc4 algo to decrypt the decoded base64 string (2/4).