This report reveals how to deobfuscate a customized .Net ConfuserEx guarded malware. We identified this modern malware campaign from our State-of-the-art Malware Protection (AMP) telemetry. Original an infection is through a destructive Phrase document, the malware in the end executes in memory an embedded payload from the Recam family. Recam is an details stealer. Even though the malware has been all around for the previous number of many years, there’s a purpose you won’t see a important quantity of documentation concerning its internals. The authors have absent the extra mile to hold off investigation of the sample, including numerous levels of knowledge encryption, string obfuscation, piecewise nulling, and knowledge buffer constructors. It also depends on its individual C2 binary protocol which is seriously encrypted along with any related knowledge ahead of transmission.
Study Much more >>