Malware Analysis - JS to PowerShell to XWorm with Binary Refinery
We deobfuscate a JScript loader that downloads a powershell script, then we unpack the payload using Binary Refinery. We decrypt the configuration of the final payload: XWorm.
Udemy course:
XWorm config decrypter:
Binary Refinery:
Sample:
Buy me a coffee:
Follow me on Twitter:
1 month ago 00:57:39 1
1 month ago 00:15:34 1
1 month ago 00:08:28 3
1 month ago 00:08:32 5
1 month ago 00:34:11 1
2 months ago 00:01:15 1
2 months ago 00:39:13 1
2 months ago 02:34:41 1
2 months ago 00:07:36 1
3 months ago 00:05:30 1
3 months ago 00:34:03 1
3 months ago 00:08:03 1
3 months ago 00:13:11 1
4 months ago 00:40:05 1
4 months ago 00:27:09 1
4 months ago 02:09:07 7
5 months ago 00:43:08 1
5 months ago 00:10:31 1
5 months ago 00:17:49 1
6 months ago 00:29:39 1
6 months ago 00:29:39 1
6 months ago 00:16:18 1
6 months ago 00:28:07 1
7 months ago 00:19:24 1
