Sample
- SHA256: ee69b74d0f0dd59fcd87304863626efb727ad6255bc29a7d48b7a441390dff1a
- Difficulty: medium
- Platform: Windows
- Tags: autoit, cypherit, obfuscated, packed
- Submitter: struppigel
Analysis
Goal
This sample is packed with the CypherIt crypter. Unpack the malware.
Bonus: Extract the config of the payload.
Description
CypherIt is an AutoIt-based crypter. The unpacking stub is a large, obfuscated AutoIt script with a lot of junk code.
Tip: There is an easier way to unpack this than deobfuscating the AutoIt script. Do proper triage and identify obvious encryption algorithms.
Sidenote: There is another CypherIt sample here with a different difficulty. The reason is that this sample uses an earlier version of CypherIt, which was easier to unpack.
Recommended Tools
- autoitripper
- binary refinery