Home
Artists
Search Recent Random
Posts
Search DMs Popular Hash Lookup Tags Random
Importer
Import FAQ
Register
Partychan Telegram Find&Fuck Waifus ThePornDude
Home Artists Posts Import Register

Live Stream VOD: Danabot Loader Triage Part 1 - Delphi and IDA (Patreon)

Published:
2023-12-12 02:22:14
Imported:
Tags:
Flagged

Content

In this stream we take a look at a version of the Danabot Loader. Danabot is written in Delphi which requires some additional tooling on top of IDA to reverse engineer. 

First we use IDR to recover the Delphi types then we use HashDB to resolve the dynamic imports and being triaging the binary. We build some structs for the main network object and identify the C2 config. 

Sample

7417ee2722871b2c667174acc43dd3e79fcdd41bef9a48209eeae0ed43179e1f

Notes

DanaBot Triage - Taking a look at a new version of the Danabot loader 

Files

Live Stream VOD: Danabot Loader Triage Part 1 - Delphi and IDA

Comments

m4n0w4r

Long stream and nightmare struct !!