Live Stream VOD: Lumma Stealer Deobfuscation - Part 1 (Patreon)

This is the first part of our series on removing the code obfuscation from the latest version of Lumma Stealer. In this VOD we identify the opaque predicate patterns that are preventing IDA from reconstructing the control flow and we begin to build an IDAPython script to remove them.

Sample

• 18a065b740da441c636bce23fd72fc0f68e935956131973f15bf4918e317bf03 [UnpacMe]

Notes

• Lumma Stealer Obfuscation - Taking a look at obfuscation in the latest version of lumma

• lumma_cf.py