oalabs

Live Stream VOD: Reversing Dridex Loader Imports, String Decryption, and Code Injection (Patreon)

Published:

2021-12-01 14:01:07

Edited:

2022-01-13 21:41:46

Imported:

Tags:

Live Stream Twitch dridex reverse engineering

Content

Twitch live stream VOD. We take a look at the (doppeldridex) Dridex loader binary and prepare it for full static analysis. We resolve the imports, decrypt the strings, and decrypt the embedded shell code.

Sample available on Malshare:

c7990f1e72fdfa84552f02f9d11cabb74251b0508291af5366fefcee646f9c91

Lab Notes - includes code samples:

Dridex Loader

Files

Vimeo

Join the web's most supportive community of creators and get high-quality tools for hosting, sharing, and streaming videos in gorgeous HD with no ads.