@OALABS
OALabs | Analyzing Adwind / JRAT Java Malware @OALABS | Uploaded 6 years ago | Updated 3 hours ago
Open Analysis Live! We analyze Adwind / JRAT malware using x64dbg and Java ByteCode Viewer. This was a subscriber request asking us to take a closer look at Adwind and how to extract the config...

-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU

OALABS PATREON
patreon.com/oalabs

OALABS TIP JAR
ko-fi.com/oalabs

OALABS GITHUB
github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#

-----

Packed sample:
SHA256 - 937a18e19ad1579ffc5f9399830860c13fc9f54df4c3f4a0f9f15a658e02ddac
malshare.com/sample.php?action=detail&hash=f0abfd6d3fb0ba12a5d874b16ac753fc

Hybrid Analysis sandbox:
hybrid-analysis.com/sample/937a18e19ad1579ffc5f9399830860c13fc9f54df4c3f4a0f9f15a658e02ddac?environmentId=100

Decoy Adwind unpacked:
malshare.com/sample.php?action=detail&hash=c10199b8c0855b502d6edfe204bf7767

Adwind config:
pastebin.com/aq7K1GNY

Blog post on Adwind:
codemetrix.net/decrypting-adwind-jrat-jbifrost-trojan

x64dbg:
x64dbg.com/#start

Java ByteCode Viewer:
bytecodeviewer.com

Compile and run Java Class file:
docs.oracle.com/javase/tutorial/getStarted/cupojava/win32.html

Java JAR basics:
docs.oracle.com/javase/tutorial/deployment/jar/basicsindex.html

Python Adwind decryptor:
gist.github.com/herrcore/8336975475e88f9bc539d94000412885

Feedback, questions, and suggestions are always welcome : )

Sergei twitter.com/herrcore
Sean twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net