Skip to content

/ stadeo

Control-flow-flattening and string deobfuscator

View license
7 stars 1 fork
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
doc
 
 
stadeo
 
 
LICENSE
 
 
README.md
 
 
setup.py
 
 

README.md

Stadeo

Stadeo is a set of tools primarily developed to facilitate analysis of Stantinko, which is a botnet performing click fraud, ad injection, social network fraud, password stealing attacks and cryptomining.

The scripts, written entirely in Python, deal with Stantinko's unique control-flow-flattening (CFF) and string obfuscation techniques described in our March 2020 blogpost. Additionally, they can be utilized for other purposes: for example, we’ve already extended our approach to support deobfuscating the CFF featured in Emotet – a trojan that steals banking credentials and that downloads additional payloads such as ransomware.

Our deobfuscation methods use IDA, which is a standard tool in the industry, and Miasm – an open source framework providing us with various data-flow analyses, a symbolic execution engine, a dynamic symbolic execution engine and the means to reassemble modified functions.

About

Control-flow-flattening and string deobfuscator

Topics

reverse-engineering deobfuscation malware control-flow miasm python strings ida-pro ida idapython emotet deobfuscator stantinko

Resources

Readme

License

View license

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.