eset/stadeo eset/stadeo

  • Stars
    star
    127
  • Rank 282,790 (Top 6 %)
  • Language
    Python
  • License
    Other
  • Created over 4 years ago
  • Updated almost 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
eset/stadeo
github

eset

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Control-flow-flattening and string deobfuscator

Stadeo

Stadeo is a set of tools primarily developed to facilitate analysis of Stantinko, which is a botnet performing click fraud, ad injection, social network fraud, password stealing attacks and cryptomining.

The scripts, written entirely in Python, deal with Stantinko's unique control-flow-flattening (CFF) and string obfuscation techniques described in our March 2020 blogpost. Additionally, they can be utilized for other purposes: for example, we’ve already extended our approach to support deobfuscating the CFF featured in Emotet – a trojan that steals banking credentials and that downloads additional payloads such as ransomware.

Our deobfuscation methods use IDA, which is a standard tool in the industry, and Miasm – an open source framework providing us with various data-flow analyses, a symbolic execution engine, a dynamic symbolic execution engine and the means to reassemble modified functions.

More Repositories

1

malware-ioc

Indicators of Compromises (IOC) of our various investigations
YARA
1,429
star
2

ipyida

IPython console integration for IDA Pro
Python
671
star
3

malware-research

Code written as part of our various malware investigations
Python
336
star
4

vba-dynamic-hook

VBA Dynamic Hook dynamically analyzes VBA macros inside Office documents by hooking function calls
Python
145
star
5

wslink-vm-analyzer

WslinkVMAnalyzer is a tool to facilitate analysis of code protected by a virtual machine featured in Wslink malware
Python
46
star
6

volatility-browserhooks

Volatility Framework plugin to detect various types of hooks as performed by banking Trojans
Python
38
star
7

vulnerability-disclosures

Repository of vulnerabilities disclosed by ESET
23
star
8

slides

Slides from presentations done by ESET researchers
HTML
20
star
9

cry-decryptor

CryDecryptor is an Android application to decrypt files from device compromised by the CryCryptor ransomware
Java
16
star
10

wslink-client

WslinkClient is a client intended to communicate with Wslink, which is a unique loader running as a server
C
12
star
11

kafka-browser

Kafka message viewer
CSS
8
star
12

jupyter-kernel-proxy

Jupyter kernel acting as a proxy to any other, already running, kernel.
Python
2
star
13

eei-agent-linux-probes

eBPF probes used by ESET Linux products
C
1
star
14

sampleshare

ESET sample sharing platform, implementing the Norman Sampleshare Framework
JavaScript
1
star