Ghidra script to decrypt strings in Amadey 1.09 – Max Kersten
Tags
| attack-pattern: | Data Model Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Software - T1592.002 Tool - T1588.002 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | 3303435b-ecbf-41c2-a340-ba07cba3fa91 |
| Fingerprint | a4517a10a94d338e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 19, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Oct. 11, 2024, 2:20 p.m. |
| Headline | Ghidra script to decrypt strings in Amadey 1.09 |
| Title | Ghidra script to decrypt strings in Amadey 1.09 – Max Kersten |
| Detected Hints/Tags/Attributes | 41/1/12 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | blag.nullteilerfrei.de |
|
| Details | Domain | 2 | pcodes.next |
|
| Details | Domain | 2 | pcodeop.call |
|
| Details | Domain | 17 | java.util.map |
|
| Details | Domain | 4 | ghidra.app |
|
| Details | Domain | 2 | instant.now |
|
| Details | File | 2 | codeunit.pl |
|
| Details | File | 1 | util.opt |
|
| Details | md5 | 1 | dbaaa2699c639f652117e9176fd27fdf |
|
| Details | sha1 | 1 | 3e4cd703deef2cfd1726095987766e2f062e9c57 |
|
| Details | sha256 | 1 | 654b53b4ef5b98b574f7478ad11192275178ca651d9e8496070651cd6f72656a |
|
| Details | Url | 2 | https://blag.nullteilerfrei.de/2020/02/02/defeating-sodinokibi-revil-string-obfuscation-in-ghidra |