Sample

Metadata

SHA256: 1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f
Difficulty: advanced
Platform: Windows
Tags: ast control flow gootloader js obfuscated
Likes: 0
Views: 8
Submitter: struppigel

Analysis

Goal

Create a static C2 extractor that uses abstract syntax tree transformations with Babel. You can use astexplorer.net as helper tool.

Description

This is a variant of Gootloader that features several packed layers and obfuscated control flow.

Recommended Tools

astexplorer babel

Solutions

Use Babel to Deobfuscate JavaScript Malware by larsborn

Image

Sample image

Comments

Please login to view and post comments.