Live Stream VOD: AMSI Bypass Loader Part 2 (Patreon)
Published:
2023-06-20 15:01:02
Imported:
2023-09
Content
In this Twitch stream we continue our triage of this new loader that uses AMSI bypasses to avoid detection. In this part we focus on the injected x64 shellcode. The shellcode uses relative offsets to access data within itself, which poses some challenges for IDA, and it contains multiple encrypted strings as well as another PE file.
Sample
43cc6ed0dcd1fa220283f7bbfa79aaf6342fdb5e73cdabdde67debb7e2ffc945
Notes
AMSI Bypass In The Wild - Taking a close look at this asyncrat loader with an AMSI bypass