Analyzing Recent Evolutions in Malware Loaders

Analyze recent evolutions in malware loaders in this 54-minute conference talk from the Hack In The Box Security Conference. Explore the significant increase in malware loader volume and variety over the past year, examining how adversaries are shifting from malvertising to creating new botnets for distributing various malware payloads. Delve into the characteristics of this new generation of malware loaders, including increased obfuscation, modularization, and flexibility. Learn about techniques for hunting these loaders in corporate environments and methods for more effective analysis. Gain insights from Cisco Talos threat researchers as they discuss the changing landscape of malware distribution, multi-stage delivery tactics, and evasion techniques employed by cybercriminals.

Intro
Building and Reverse Engineering PE
Packer/Cryptor First Generation
Real Malware
Binary Obfuscation
Malware Detection - API Call Monitoring
64bit Windows
Bypassing Behavior-Based Detection
Anti-Analysis Techniques
Malware Loader
living off the Land and Mixing Technologies
Infection Overview
Resolve API functions - Part 1
Self Modifying Code Decoding encoded code from duta section and secute it
PI Call Obfuscation - API Function resolution Part 2
Basics - 64bit API calls
Obfuscate Syscalls
Basics - WoW64 - Subsystem
Heavens Gate - Obfuscation
Decrypt Payload
First Clue
Infection Chain
Powershell Loader
Initial Infection Vector
What Can Defenders Do?
Hunting for Loaders
Dynamic Data Resolver Version 1.0