
Content

The conclusion to our analysis of SmokeLoader! All the secrets are revealed and it's grrr-eat! We finally figure out the missing piece for the API hashes and resolve them. This leads us to the missing piece of the puzzle for extracting Stage 3: LZSA2 decompression!

Once we have decrypted and decompressed Stage 3, we quickly locate the encrypted strings table and the encrypted C2 table, and build ourselves a static config extractor!

This was a pretty triumphant conclusion if I do say so myself : )

Samples

Notes

SmokeLoader Triage

Files

Live Stream VOD: SmokeLoader Analysis Part 3 - Stage 3 Decrypted and Config Extracted

Comments

m4n0w4r

At the end of this live stream, you still haven't implemented the SmokeLoader hash function in HashDB, right? :D Correct me if I'm wrong :P

oalabs

You tell me : ) That's actually a good exercise for becoming more familiar with HashDB and API hashing in general.