CyberChef

Deobfuscate PowerShell using subtract – CyberChef Recipe 0x4

Tags: CyberChef, CyberChef Recipe, Infostealer, PowerShell, RedLine

In this quick blog post, we explore combinations of CyberChef operations (e.g. Generic Code Beautify, Subsection, Fork and Subtract) to deobfuscate the second-stage PowerShell script used in the RedLine stealer infection chain. The PowerShell script contains multiple arrays of integers and employs a straightforward function to decode the…
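The subtract-based decoding that the post above describes, as an added Python example that is not part of the original post or its CyberChef recipe: it isolates the integer arrays in a script (the span the Subsection step works on), reads the subtraction constant from the script's own decode helper, applies the subtraction to every array, and falls back to enumerating which constants yield printable ASCII when no helper is found. The PowerShell fragment, the constant 7, the variable names and the two recovered strings are constructed for this example; a real stage-2 script carries its own arrays and constant.

```python
"""Decode integer-array obfuscation of the kind described above: each array
element is a character code plus a constant, so subtracting the constant
(CyberChef's Subtract operation) and casting to characters recovers the text."""
import re
from typing import List, Optional

# Constructed sample, not taken from a real RedLine stage-2 script. The two
# arrays hold "IEX (New-Object Net.WebClient)" and "DownloadString" with 7
# added to every character code; the decode helper subtracts it back.
SAMPLE_KEY = 7
SAMPLE_PLAINTEXTS = ["IEX (New-Object Net.WebClient)", "DownloadString"]


def obfuscate(text: str, key: int) -> str:
    """Render text as a PowerShell integer array with `key` added to each code point."""
    return "(" + ",".join(str(ord(c) + key) for c in text) + ")"


SAMPLE_SCRIPT = "\n".join([
    "[int[]]$a1 = " + obfuscate(SAMPLE_PLAINTEXTS[0], SAMPLE_KEY),
    "[int[]]$b2 = " + obfuscate(SAMPLE_PLAINTEXTS[1], SAMPLE_KEY),
    "function d($x){ -join ($x | % { [char]($_ - 7) }) }",
    "Invoke-Expression (d $a1)",
])

# A parenthesised, comma-separated list of at least two integers: the span
# the Subsection step in the CyberChef recipe would isolate.
ARRAY_RE = re.compile(r"\(\s*(\d+(?:\s*,\s*\d+)+)\s*\)")
# The script's own decode helper, [char]($_ - N), names the subtraction constant.
KEY_RE = re.compile(r"\[char\]\s*\(\s*\$\w+\s*-\s*(\d+)\s*\)")


def extract_int_arrays(script: str) -> List[List[int]]:
    """Every integer array literal in the script, in order of appearance."""
    return [[int(n) for n in m.group(1).split(",")] for m in ARRAY_RE.finditer(script)]


def find_subtract_key(script: str) -> Optional[int]:
    """Read the constant from the decode helper if it uses the [char]($_ - N) form."""
    m = KEY_RE.search(script)
    return int(m.group(1)) if m else None


def subtract_decode(values: List[int], key: int) -> str:
    """Subtract `key` from every element and map the result to characters.
    A result outside 0..0x10FFFF is not a code point, so that key is wrong."""
    chars = []
    for v in values:
        cp = v - key
        if not 0 <= cp <= 0x10FFFF:
            raise ValueError(f"{v} - {key} is not a valid code point")
        chars.append(chr(cp))
    return "".join(chars)


def candidate_keys(values: List[int], max_key: int = 255) -> List[int]:
    """Keys in 0..max_key that turn every element into printable ASCII.
    Several keys usually qualify (text shifted by one still looks like text),
    so this narrows the search; it does not pick the answer on its own."""
    out = []
    for key in range(max_key + 1):
        try:
            text = subtract_decode(values, key)
        except ValueError:
            continue
        if all(32 <= ord(c) <= 126 for c in text):
            out.append(key)
    return out


def decode_script(script: str) -> List[str]:
    """Decode every integer array with the key parsed from the decode helper.
    Without a helper, take the largest printable-ASCII candidate: a space (0x20)
    in the plaintext sits at the bottom of the printable range, so any larger
    key would push it out, making the true key the largest candidate."""
    key = find_subtract_key(script)
    results = []
    for arr in extract_int_arrays(script):
        k = key if key is not None else max(candidate_keys(arr), default=0)
        results.append(subtract_decode(arr, k))
    return results


if __name__ == "__main__":
    for s in decode_script(SAMPLE_SCRIPT):
        print(s)
```

The candidate_keys fallback deliberately returns every constant that keeps the output printable rather than a single guess, because a shift of one more or one less still produces plausible-looking text; the decode helper in the script itself remains the authority for the value fed to Subtract, exactly as it is in the CyberChef recipe.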
AsyncRAT config decryption using CyberChef – Recipe 0x2

Tags: .NET, AsyncRAT, Config, CyberChef, CyberChef Recipe, RAT, Remote Access Tool

In the realm of malware analysis, tools like CyberChef play a pivotal role. One challenge that malware analysts often face is decrypting the configurations of Remote Access Trojans (RATs) such as AsyncRAT. This article provides a step-by-step guide to decrypting AsyncRAT configurations using CyberChef.

Decrypting AsyncRAT Configurations

AsyncRAT is…