Steps to configure mitmproxy for ssl interception in malware analysis.
wget https://snapshots.mitmproxy.org/5.0.1/mitmproxy-5.0.1-linux.tar.gz --output-document=mitmproxy.tgz
sudo tar -xzvf mitmproxy.tgz -C /usr/local/bin/
av-gantimurov
av-gantimurov
/ agent_tesla_decode_xor.py
Last active
December 4, 2020 07:13
Script for decoding strings in decompiled AgentTesla samples
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Script for decoding string in AgentTesla source code for samples from Oct2020 | |
| Searches for specific class name. Class name may be defined by command arg. | |
| Author: Gantimurov Alexander | |
| Date: 2020-12-04 10:13 | |
| """ |
av-gantimurov
/ 151c1498ad114e882ceed52e03333ded.txt
Created
December 4, 2020 06:13
String from AgentTesla md5:151c1498ad114e882ceed52e03333ded
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '\x00' | |
| '\x00\x00\x00' | |
| '\x02' | |
| '\x03' | |
| '\tINTEGER ' | |
| '\tOBJECTIDENTIFIER ' | |
| '\tOCTETSTRING ' | |
| '\n' | |
| '\r' | |
| '\r\n' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import itertools | |
| def xor(data, key): | |
| return bytearray(a ^ b for a, b in zip(data, itertools.cycle(key))) |
av-gantimurov
/ mitmproxy.md
Last active
March 14, 2023 09:06
Steps to configure mitmproxy for ssl interception in malware analysis
av-gantimurov
/ resources.md
Last active
November 27, 2024 20:04
List of resources for malware analysts
- Monappa K.A., "Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware" amazon.
- Sikorski M., Honig A., "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" amazon.
- Ferrie P., "The "Ultimate" Anti-Debugging Reference" [free](https://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf
av-gantimurov
/ munpack-fix.sh
Last active
August 5, 2021 00:53
Fix munpack UTF-8 names in attachments
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| find . -type f -iname '*X=' | while read name | |
| do | |
| newname=$(echo "$name" | sed 's/[[:print:]]*\/=Xutf-8XBX//I; s/X=XXX=Xutf-8XBX//gI; s/X=$//' | base64 -d ) | |
| dir=$(echo $name | sed 's/\/=Xutf-8XBX[A-Za-z0-9X=/+-]\+//I') | |
| mv --verbose "$name" "${dir}/${newname}" | |
| done |
NewerOlder