Zero2Automated

Welcome to Official Course Blog

Developed for those looking to further enhance their skills in the Malware Analysis/Reverse Engineering field

Twitter: @VK_Intel, @0verfl0w_, @sysopfb

DBatLoader/ModiLoader Analysis – First Stage

Reversing the First Stage

I don’t typically tend to reverse engineer Delphi binaries, as most of the malicious software written in Delphi is actually the wrapper/packer for the main payload written in something like C/C++. However, scrolling through Twitter one day, I noticed @abuse.ch replying to a tweet about a somewhat unknown loader currently spreading …

De-crypting a TrickBot Crypter

Introduction

TrickBot has utilized their own crypting service for some time now and it has been frequently updated over time. The latest version utilizes RC4 with a twist and is also a perfect example for writing a simple unpacker while at the same time being forced to analyze a slightly modified encryption routine.

Static Analysis …