Live Stream VOD: New Emotet x64 Obfuscated Config Extraction (Patreon)

Published:

2022-05-23 02:51:34

Imported:

2022-12

Content

In this twitch stream we look at the recently updated emotet that is using obfuscation to hide its config and we use emulation to build a config extractor.

Sample:

92033dc85730f7dc5dbd85369ea1db8806ce7581c1e9b4764a82abfc54e3146e

Sample Unpacked:

c688e079a16b3345c83a285ac2ae8dd48680298085421c225680f26ceae73eb7

Lab Notes (with code and Yara rule):

Emotet x64 Stack Strings Config Emulation

Files

Live Stream VOD: New Emotet Obfuscated Config Extraction

This is "Live Stream VOD: New Emotet Obfuscated Config Extraction" by OALABS on Vimeo, the home for high quality videos and the people who love them.