Reverse Engineering Warzone RAT - Part 1

Join us as we reverse engineer Warzone Rat!
Expand for more details....

-----
OALABS DISCORD
  / discord  

OALABS PATREON
  / oalabs  

OALABS TIP JAR
https://ko-fi.com/oalabs

OALABS GITHUB
https://github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/

-----
Chapters:
0:00 Introduction
4:25 Setting Up IDA
6:15 How to Force hex-rays to Decompile All Functions
7:42 Methodology for Identifying an Embedded Configuration File
9:16 C++ Reversing Basics
18:53 Adding a Struct in IDA
22:10 Fixing Incorrect Struct Size
26:39 Quickly Reversing Functionality
28:42 Reverse Engineering With Structs
32:04 Malware Trick Used to Locate Address in Memory
36:43 Walking a PE File Using Pointers
41:21 Creating and Importing IDC Files

Automated unpacking:
https://www.unpac.me/#/

Unpacked sample
https://malshare.com/sample.php?actio...

IDC script (download don't copy paste):
https://gist.github.com/herrcore/ccf4...

The following tutorials may help with some of the basic concepts presented in this video.

C++ Reversing Basics
   • Reverse Engineering C++ Malware With IDA Pro  

IDA Pro Microcode and x86 Calling Conventions
   • IDA Pro Decompiler Basics Microcode and x8...  

RC4 Crypto
   • Reverse Engineering RC4 Crypto For Malware...  


Feedback, questions, and suggestions are always welcome : )


Sergei   / herrcore  
Sean   / seanmw  


As always check out our tools, tutorials, and more content over at https://www.openanalysis.net


#ReverseEngineering #Malware #WarZoneRat