Listen Top Shows Blog

Reverse Engineering RC4 Crypto For Malware Analysis

Reverse Engineering RC4 Crypto For Malware Analysis

Update: 2019-06-17

Share

Description

This tutorial covers how to identify, verify, and decrypt RC4 encryption in malware using IDA Pro and the x64dbg debugger.

Wikipedia overview of RC4:
https://en.wikipedia.org/wiki/RC4

Python implementation of RC4 (for decryption in scripts):
https://gist.github.com/OALabs/1b07f7ef90e19e77745cad4101af78e9

CyberChef Online Tool:
https://gchq.github.io/CyberChef/

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at https://www.openanalysis.net

#ReverseEngineering #Encryption #RC4 #MalwareAnalysis

Comments

In Channel

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

2019-07-3009:10

Reverse Engineering RC4 Crypto For Malware Analysis

Reverse Engineering RC4 Crypto For Malware Analysis

2019-06-1715:56

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

2019-06-1107:31

Reverse Engineering C++ Malware With IDA Pro

Reverse Engineering C++ Malware With IDA Pro

2019-06-0323:40

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

2019-04-1403:30

WinDbg Basics for Malware Analysis

WinDbg Basics for Malware Analysis

2019-02-1938:36

Malware Samples Crashing x64dbg Fixed!

Malware Samples Crashing x64dbg Fixed!

2019-01-2706:55

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

2019-01-0728:05

OALabs Rewind 2018 - Reverse Engineering Bloopers

OALabs Rewind 2018 - Reverse Engineering Bloopers

2018-12-2903:38

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

2018-12-2802:37

Reverse Engineering IcedID / Bokbot Malware Part 2

Reverse Engineering IcedID / Bokbot Malware Part 2

2018-11-0937:59

Unpacking Bokbot / IcedID Malware - Part 1

Unpacking Bokbot / IcedID Malware - Part 1

2018-10-2615:58

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

2018-09-2217:41

Malware Analysis VM Setup Tutorial

Malware Analysis VM Setup Tutorial

2018-07-1614:12

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

2018-06-2027:52

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

2018-05-2019:23

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

2018-04-2929:23

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

2018-04-0834:03

Analyzing Adwind / JRAT Java Malware

Analyzing Adwind / JRAT Java Malware

2018-03-2633:23

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

2018-03-0431:30

00:00

00:00

x

Reverse Engineering RC4 Crypto For Malware Analysis

Reverse Engineering RC4 Crypto For Malware Analysis

OALabs