We automated the analysis of the Phorpiex sample that we manually analyzed last stream: we dumped the unpacked sample with HollowsHunter, extracted IOCs and identified the Phorpiex family with AssemblyLine, and automated high-level reverse engineering with Binary Ninja's Sidekick Large Language Model (LLM) plugin.
Training: https://training.invokere.com/course/imbtbn
Notes: https://github.com/Invoke-RE/stream-notes/blob/main/beginner-streams/README.md
Part 1:
https://www.youtube.com/watch?v=2kQmx2YYlDw
Unpacking script: https://github.com/Invoke-RE/x64dbg-scripts/blob/main/unpacking_apis.txt
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
Mastodon: https://infosec.exchange/@invokereversing
0:00 Intro
3:39 Mal_Unpack and Hollows Hunter
12:37 Unpacking and Auto-Dumping
35:32 Unpac.Me to Unpack
37:44 AssemblyLine to Extract IOCs
44:54 Reversing with Binja Sidekick LLM
48:30 Conditional Breakpoints in x64dbg
55:13 Sidekick LLM Reversing Continued
1:43:56 Closing thoughts