Content

In this Twitch stream we take a look at DbatLoader, a simple Delphi downloader used to download and execute other malware. This would be a straightforward analysis except that the binary is written in Delphi, which takes a lot of time to untangle... jump ahead to around 3:30 to get to the part where we begin to make progress.

Sample

dc5ec82e7cb2590ae612a2dd7203ae3a81662707377f2be44c94378ef0b0d3b0

Notes

DbatLoader Triage

Files

overlay

Video: "Live Stream VOD: DbatLoader Analysis" by OALABS on Vimeo.

Comments

m4n0w4r

Haha, I hear many F**k and Sh*t in this stream... but thanks, this helped me write a script to decrypt the stage3 payload of the recent Dbatloader. And finally, I also hate Delphi binaries :)))

m4n0w4r

For Delphi binaries, we can use IDR to analyze and generate .map file. Then, use https://github.com/mefistotelis/ida-pro-loadmap to load generated .map file to our IDB.
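The comment above describes the IDR-to-IDA workflow: IDR writes a Borland-style .map file and ida-pro-loadmap reads it to rename functions in the IDB. The core of that step is turning the map's "Publics by Value" entries into absolute addresses. The script below is an added example, not IDR's or ida-pro-loadmap's code; it parses a constructed map fragment and assumes the common Borland layout (segment table "Start Length Name Class" whose Start column is the segment's RVA, and public offsets relative to the segment start). The unit and symbol names in the sample are made up.

```python
"""Resolve symbols from a Borland/Delphi-style .map file (the layout IDR emits)
into absolute addresses, i.e. the step a loader performs before renaming
functions in an IDB. Added example; map fragment below is constructed."""
import re
from typing import Dict, List, Tuple

# Constructed fragment: segment table, then the "Publics by Value" list.
# Assumption: Start column = segment RVA, public offsets are segment-relative.
SAMPLE_MAP = """\
 Start         Length     Name                   Class
 0001:00001000 0008F000H .text                   CODE
 0002:00091000 00002000H .data                   DATA

  Address             Publics by Value

 0001:00000000       SysInit.@InitExe
 0001:000002A8       System.@HandleFinally
 0001:00044F10       Unit1.TForm1.DownloadPayload
 0002:00000010       Unit1.gDecryptKey
"""

PUBLICS_HEADER = "Publics by Value"
SEG_LINE = re.compile(
    r"^\s*(\d{4}):([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]+)H\s+(\S+)\s+(\S+)")
PUB_LINE = re.compile(r"^\s*(\d{4}):([0-9A-Fa-f]{8})\s+(\S+)\s*$")


def parse_segments(text: str) -> Dict[int, int]:
    """Map segment number -> RVA of the segment start (segment table only)."""
    segs: Dict[int, int] = {}
    for line in text.splitlines():
        if PUBLICS_HEADER in line:
            break  # the segment table always precedes the publics list
        m = SEG_LINE.match(line)
        if m:
            segs[int(m.group(1))] = int(m.group(2), 16)
    return segs


def parse_publics(text: str) -> List[Tuple[int, int, str]]:
    """Return (segment, offset, name) for each line after the publics header."""
    out: List[Tuple[int, int, str]] = []
    in_publics = False
    for line in text.splitlines():
        if PUBLICS_HEADER in line:
            in_publics = True
            continue
        if not in_publics:
            continue
        m = PUB_LINE.match(line)
        if m:
            out.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return out


def resolve_symbols(text: str, image_base: int) -> Dict[int, str]:
    """Absolute VA -> symbol name. Entries whose segment is unknown are skipped
    rather than guessed, so a bad map never mislabels addresses."""
    segs = parse_segments(text)
    resolved: Dict[int, str] = {}
    for seg, off, name in parse_publics(text):
        if seg not in segs:
            continue
        resolved[image_base + segs[seg] + off] = name
    return resolved


def ida_safe_name(name: str) -> str:
    """Replace characters outside [A-Za-z0-9_] so the name is accepted as an
    identifier by disassemblers with strict naming rules (a chosen policy,
    not loadmap's)."""
    return re.sub(r"[^A-Za-z0-9_]", "_", name)


if __name__ == "__main__":
    for va, sym in sorted(resolve_symbols(SAMPLE_MAP, 0x400000).items()):
        print(f"{va:#010x}  {sym}  ->  {ida_safe_name(sym)}")
```

Feed it the .map IDR produced and the image base IDA shows for the sample; the resulting dictionary is what a loader script would walk to apply names, and the unknown-segment skip keeps a truncated or hand-edited map from renaming the wrong addresses.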