Live Stream VOD: Night Sky Ransomware FLAIR / FLIRT Signatures in IDA PRO and BinDiff With Rook Ransomware (Patreon)
Published: 2022-01-16 00:29:40
Twitch live stream VOD. We generate IDA Pro FLIRT signatures with the FLAIR tools for the mbedtls library in Night Sky ransomware and begin reverse engineering. Once we have a clean IDB, we use BinDiff to compare Night Sky against Rook ransomware and confirm that they come from the same code base.
Sample available on MalShare:
8c1a72991fb04dc3a8cf89605fb85150ef0e742472a0c58b8fa942a1f04877b0
Clean unpacked payload (fixed OEP):
ff5757086c464d624f4a6674d65409fb6fa84ad5ac089583ebc994ba949458d7
Lab Notes: