Forum Discussion

Bronze III

5 months ago

Solved

Malware Analysis: Shlayer

I've done the first 2 questions but stuck on the 3rd - what is the XOR key? Is this found in the first or second stage 7z compressed file? and....the lab description mentions Cyberchef - is this ava...

defensive cyber

IotS2024
5 months ago
Mmmhh, i looked at the lab to help you. Noticed it was a hard one. Tried what was in my mind for the xor-key and it was right. This key only has 2 chars. A number and a letter. Try searching for ^ in ghidra.
good luck :)

RobN

Bronze III

5 months ago

Sorted this now, I went on a tangent!

RobH

Bronze I

8 days ago

Hi Rob, I was wondering if you remembered enough about this to give me a hint? I feel like I'm checking everywhere for the hex beneath the zzz43...24cl portions, but I'm just not finding anything conclusive.

RobN
Bronze III
7 days ago
Hi RobH,
I'll check my notes later, see what I can find. I'll take another look at the lab too - looking at my answer I went the long way round to find it.
RobN
Bronze III
6 days ago
Hi Rob,
Unfortunately I wasn't able to find any notes for this lab but check what GusC wrote above, this should help you find it.

Forum Discussion

Malware Analysis: Shlayer

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: Static Analysis question 18

Practical Malware Analysis: Static Analysis question 19

Practical Malware Analysis: .NET Encryption and Encoding

python-scripting-for-malware-analysis-ep-5-code-obfuscation

Malware Analysis: Tracking a LOLBins Campaign – Examination

Recent Discussions

Hack Your First Web App: Ep.4 Missing Cookie

It seems correct answer is not accepted.

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.