Free Nitro
EasyMalware Reverse Engineering
Overview
We have a suspected piece of malware related to Discord. Can you get the Discord webhook ID?
Archive password: infected
Flag format: flag{DISCORD_WEBHOOK_ID}
Lab Details
Prerequisites & Requirements
- Python Internals: Fundamental understanding of Python syntax and compiled bytecode (.pyc).
- Packaging Formats: Familiarity with how Python scripts are bundled into Windows executables (PE files).
- Encoding Schemes: Proficiency in identifying and reversing Base64 data structures.
What will you learn?
- Static Triage: Utilizing entropy and header analysis to identify packed executables.
- PyInstaller Extraction: Deconstructing bundled PE files to recover underlying bytecode artifacts.
- Bytecode Decompilation: Reconstructing high-level source code from compiled Python modules.
- Stealer Logic Analysis: Identifying data exfiltration vectors, specifically Discord webhook-based Command & Control (C2) mechanisms.
Tools
- Identification: Detect-It-Easy (DIE)
- Extraction: Pyinstxtractor
Job Positions
Malware Analyst
Tags
Static Analysis, Malware Analysis, Packer, Decompiler, C2 Communication