Beginner Malware Analysis: DCRat with dnSpy (Stream 03/06/2025)

Автор: Invoke RE

Загружено: 2025-06-21

Просмотров: 2004

Описание:

In this stream we analyzed a DCRat .NET assembly with dnSpy, wrote Python automation to decrypt its configuration items, found additional samples with unpac.me and Yara, then tested our decryption script against additional samples.

Learn how to reverse engineer malware: https://training.invokere.com/
Merch: https://shop.invokere.com
Notes: https://github.com/Invoke-RE/stream-n...
Twitch: / invokereversing
Twitter: / invokereversing
BlueSky: https://bsky.app/profile/invokerevers...
Mastodon: https://infosec.exchange/@invokerever...

Introduction 00:00
Global Setting Decryption 05:50
Anti-Analysis 14:38
Mutex Creation 17:47
Process Killing Thread 18:24
Privilege and BSOD Protection 20:59
Persistence 23:17
Clear Settings 27:46
AMSI Bypass 28:14
Command and Control 33:14
Camera Functionality 37:10
Hardware ID Generation 37:52
Information Collection 38:50
Decrypting Configuration Items with Cyberchef 40:19
Decrypting Configuration with Python dncil 53:15
Python Decryption Working with dncil 01:25:22
Testing Against Other Samples 01:26:48
Writing Yara to Find More Samples 01:29:26
Testing with AssemblyLine 01:33:37

Beginner Malware Analysis: DCRat with dnSpy (Stream 03/06/2025)

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

JetKVM - девайс для удаленного управления вашими ПК

JetKVM - девайс для удаленного управления вашими ПК

SORVEPOTEL PowerShell .NET Loader Infection Chain Analysis (Stream - 14/10/2025)

SORVEPOTEL PowerShell .NET Loader Infection Chain Analysis (Stream - 14/10/2025)

Арестович & Шелест: День 1426. Дневник войны. Сбор для военных👇

Арестович & Шелест: День 1426. Дневник войны. Сбор для военных👇

Beginner Malware Analysis: Babuk Ransomware with IDA Pro (Stream - 13/05/2025)

Beginner Malware Analysis: Babuk Ransomware with IDA Pro (Stream - 13/05/2025)

Triaging Obfuscated Binaries with Binary Ninja and AssemblyLine (Stream - 26/08/2025)

Triaging Obfuscated Binaries with Binary Ninja and AssemblyLine (Stream - 26/08/2025)

Unity Game Hacking with dnSpy

Unity Game Hacking with dnSpy

Fake PuTTY Installer Malware Analysis with IDA Pro

Fake PuTTY Installer Malware Analysis with IDA Pro

Как я запускаю и отлаживаю вредоносную службу (анализ вредоносного ПО)

Как я запускаю и отлаживаю вредоносную службу (анализ вредоносного ПО)

Getting Started with dnSpyEx - Unraveling a .NET Formbook Dropper

Getting Started with dnSpyEx - Unraveling a .NET Formbook Dropper

Floxif File Infector with Control Flow Obfuscation Analysis (Stream - 06/01/2026)

Floxif File Infector with Control Flow Obfuscation Analysis (Stream - 06/01/2026)

deconstructing an advanced malware infection chain in 30 minutes

deconstructing an advanced malware infection chain in 30 minutes

Malware Analysis Masterclass 2025 | Static + Dynamic Tricks

Malware Analysis Masterclass 2025 | Static + Dynamic Tricks

Maverick .NET Agent Analysis and WhatsApp PowerShell Worm (Stream - 21/10/2025)

Maverick .NET Agent Analysis and WhatsApp PowerShell Worm (Stream - 21/10/2025)

How I Debug DLL Malware (Emotet)

How I Debug DLL Malware (Emotet)

🔥 DDR5 СВОИМИ РУКАМИ | Выживаем в кризис памяти 2026 года 💪| SODIMM - UDIMM без переходников

🔥 DDR5 СВОИМИ РУКАМИ | Выживаем в кризис памяти 2026 года 💪| SODIMM - UDIMM без переходников

Triaging Malware with Malcat (Stream - 29/07/2025)

Triaging Malware with Malcat (Stream - 29/07/2025)

Компания Salesforce признала свою ошибку.

Компания Salesforce признала свою ошибку.

Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]

Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]

Analyzing the Zeus Banking Trojan - Malware Analysis Project 101

Analyzing the Zeus Banking Trojan - Malware Analysis Project 101

ADVANCED Malware Analysis | Reverse Engineering | Decompiling Disassembling & Debugging (PART 1)

ADVANCED Malware Analysis | Reverse Engineering | Decompiling Disassembling & Debugging (PART 1)