21 Dec 2023
Malware analysis She sells C# shells by the C2shoreI have really been slacking this year, so time to try and catch up.
.NET binaries contain code written in languages compatible with .NET framework, like C#, VB.NET, F#, and managed C++. Can be exes, dlls, or assemblies of multiple types and resources. These languages donโt compile straight to machine language but go to an intermediate language (IL) which gets translated at runtime by a Common Language Runtime (CLR). This allows .NET binaries to be reconverted back to source code.
Namespace - Container to organize related code elements, like classes, into logical groups. Prevents naming conflicts and provides structure.Class - Defines the structure and behavior of itโs objects. Contains functions and methods.Function - Reusabel block of code that performs a specific action or task.Variable - Named storage location for data.For loops repeatedly execute a block of code for a given number of times. Typically consists of initialization, condition, and iteration. Can be broken with break command.
Conditional statements include if and else.
Can include namespaces, classes, and functions from external libraries through using directive.
Open-source .NET assembly (C#) debugger and editor. Typically used for reverse enigneering .NET applications and analysing their code. Also capable of modifying retrieved code, setting breakpoints, and running through code one step at a time.
Focus on individual functions before tackling Main function.
Breakdown the malware and extract information about what it does and who it contacts.
Malware Analysis module in the SOC Level 2 Path.