Live Stream VOD: Danabot Loader Triage Part 1 - Delphi and IDA (Patreon)
Published:
2023-12-12 02:22:14
Content
In this stream we take a look at a version of the Danabot Loader. Danabot is written in Delphi, which requires some additional tooling on top of IDA to reverse engineer.
First we use IDR (Interactive Delphi Reconstructor) to recover the Delphi types, then we use HashDB to resolve the dynamically resolved imports and begin triaging the binary. We build some structs for the main network object and identify the C2 config.
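The import-resolution step above (what HashDB automates) boils down to hashing every candidate export name with the malware's own hash routine and matching the results against the hashed values found in the binary. The following is an added example, not code from the stream or from the Danabot sample: the hash routine shown is a generic ror13-style string hash chosen for illustration, the export list is constructed, and neither is claimed to be what Danabot actually uses.

```python
"""Resolve API-name hashes by brute-forcing a candidate export list.

Added illustration of the HashDB-style workflow. The hash function and the
candidate export names are assumptions for this example only; the real
algorithm used by a given sample is whatever HashDB identifies for it.
"""
from typing import Callable, Dict, Iterable, Optional

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32


def ror13_hash(name: str) -> int:
    """Generic ror13 string hash (assumed algorithm, not Danabot's).

    Each byte of the ASCII name is folded in after rotating the running
    hash right by 13 bits; a NUL terminator is included as many
    shellcode-style hashers do.
    """
    h = 0
    for byte in name.encode("ascii") + b"\x00":
        h = (ror32(h, 13) + byte) & MASK32
    return h


# Constructed candidate list; in practice this would be every export of
# the DLLs the loader is expected to touch (kernel32, ws2_32, ...).
CANDIDATE_EXPORTS = [
    "LoadLibraryA",
    "GetProcAddress",
    "VirtualAlloc",
    "VirtualProtect",
    "CreateFileA",
    "WriteFile",
    "connect",
    "send",
    "recv",
]


def build_lookup(names: Iterable[str],
                 hash_fn: Callable[[str], int]) -> Dict[int, str]:
    """Precompute hash -> name for every candidate export.

    A collision between two candidate names is reported immediately,
    because it would make the reverse lookup ambiguous.
    """
    lookup: Dict[int, str] = {}
    for name in names:
        h = hash_fn(name)
        if h in lookup and lookup[h] != name:
            raise ValueError(f"hash collision: {lookup[h]} vs {name}")
        lookup[h] = name
    return lookup


def resolve(hashes: Iterable[int],
            lookup: Dict[int, str]) -> Dict[int, Optional[str]]:
    """Map each hash pulled from the binary to a name, or None if unknown.

    Unresolved values are kept rather than dropped so the analyst can see
    which imports still need a larger export list or a different algorithm.
    """
    return {h & MASK32: lookup.get(h & MASK32) for h in hashes}


def demo() -> Dict[int, Optional[str]]:
    """Resolve a few constructed hashes, including one that will not match."""
    lookup = build_lookup(CANDIDATE_EXPORTS, ror13_hash)
    observed = [ror13_hash("VirtualAlloc"), ror13_hash("connect"), 0xDEADBEEF]
    return resolve(observed, lookup)


if __name__ == "__main__":
    for h, name in demo().items():
        print(f"0x{h:08x} -> {name or '<unresolved>'}")
```

The unresolved entry is the interesting one in practice: a hash that matches nothing usually means the export list is incomplete (a DLL you did not include) or the algorithm guess is wrong, which is exactly the situation HashDB's algorithm search is meant to settle.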
Sample
7417ee2722871b2c667174acc43dd3e79fcdd41bef9a48209eeae0ed43179e1f
Notes
DanaBot Triage - Taking a look at a new version of the Danabot loader