Learning Malware Analysis

by Monnappa K A
June 2018
Content level: Beginner
510 pages
13h 7m
English
Packt Publishing
Content preview from Learning Malware Analysis

3. Custom Encoding/Encryption

Sometimes, attackers use custom encoding/encryption schemes, which make it difficult to identify the crypto (and the key) and make reverse engineering harder. One custom method is to combine encoding and encryption to obfuscate the data; an example of such malware is Etumbot (https://www.arbornetworks.com/blog/asert/illuminating-the-etumbot-apt-backdoor/). When executed, the Etumbot malware sample obtains the RC4 key from the C2 server; it then uses that key to encrypt the system information (such as hostname, username, and IP address), and the encrypted content is further encoded using custom Base64 and exfiltrated to the C2. The C2 communication containing ...
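For an analyst, recovering data protected this way means undoing the layers in reverse order: custom Base64 first, then RC4. The following is an added example, not code from the book or from the malware; the alphabet, key, and sample blob are constructed for the demo, and the real values have to be recovered from the sample and the captured C2 traffic.

```python
import base64

STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def custom_b64_decode(text: bytes, alphabet: bytes) -> bytes:
    """Map a 64-character custom table back to the standard one, then decode."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must hold 64 distinct characters")
    body = text.rstrip(b"=")
    if any(c not in alphabet for c in body):
        raise ValueError("character outside the custom alphabet")
    body = body.translate(bytes.maketrans(alphabet, STD))
    return base64.b64decode(body + b"=" * (-len(body) % 4), validate=True)

def custom_b64_encode(data: bytes, alphabet: bytes) -> bytes:
    return base64.b64encode(data).translate(bytes.maketrans(STD, alphabet))

def decode_beacon(blob: bytes, key: bytes, alphabet: bytes) -> bytes:
    """Undo the layers in reverse order: custom Base64 first, then RC4."""
    return rc4(key, custom_b64_decode(blob, alphabet))

# Constructed values for the demo (not taken from any real sample or capture).
ALPHABET = STD[26:52] + STD[:26] + STD[52:62] + b"-_"
KEY = b"constructed-rc4-key"
PLAINTEXT = b"host=WKSTN-01;user=alice;ip=192.0.2.10"
SAMPLE_BLOB = custom_b64_encode(rc4(KEY, PLAINTEXT), ALPHABET)

if __name__ == "__main__":
    print("on the wire :", SAMPLE_BLOB.decode())
    print("std Base64  :", rc4(KEY, base64.b64decode(SAMPLE_BLOB, b"-_")))
    print("recovered   :", decode_beacon(SAMPLE_BLOB, KEY, ALPHABET))
```

The "std Base64" line shows why a stock decoder is not enough: with the wrong table the RC4 step yields unreadable bytes even when the key is correct.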



Publisher Resources

ISBN: 9781788392501