tr: "I know what I'm doing my lightning talk on"
Aloïs "Alol" de Souza-Coroller
Malware Analyst @CERT La Poste
Was forced to submit a LT (kidding)
Have slept ~2h (not kidding)
(boss) You better submit a LT or I'm not paying for your travel expenses!
(me) Plz no I'm a poor student :(
Sources:
https://twitter.com/pcrisk/status/1776153378541711571
https://www.virustotal.com/gui/file/265db2cb4ed90260f5b245d475510d005476eaeb967ab8e8b4959aba92e97e81
#WARNING: Decompyle incomplete
Unsupported opcode
Sources:
https://github.com/extremecoders-re/pyinstxtractor
https://github.com/zrax/pycdc
https://github.com/marcosValle/RansPy/blob/master/enc.py
+ repurposed decryption function = Decryptor!
@yarienkiva - Aloïs - CERT La Poste
If you ever need the decryptor for some inconceivable reason:
https://gist.github.com/yarienkiva/95802bf6e92ea1ff797b877106e687ad
Looking for work in September,
Will RE / Pwn / Threat hunt for food :)