Malware Analysis - RenPy game, finding malware code in 2956 files, Beginner friendly

Many applications ship with thousands of files, so even non-obfuscated malware can be hard to locate. This malware is built on the visual novel engine framework Renpy. I show monitoring with ProcMon, strategies for finding the malicious code among the game files, decompiling Renpy code, extracting the remote access tool configuration, decrypting a layer with Binary Refinery, and unpacking the native payload with x64dbg.

Discord: / discord
Malware analysis courses: https://malwareanalysis-for-hedgehogs...
Sample: https://bazaar.abuse.ch/sample/3c086e...
Renpy unpacker: https://github.com/struppigel/hedgeho...
Unrpyc: https://github.com/CensoredUsername/u...
EvilConwi config extractor: https://github.com/struppigel/hedgeho...
Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: / struppigel

Chapters:
00:00 Intro
00:40 Reddit post and video
03:03 Quick malware verdict with sandbox dump
06:03 ProcMon monitoring
10:04 Find sandbox checker with findstr
13:00 Entry points of execution environment
18:06 Decrypt the first layer with binref
21:00 Remote access tool loader
23:00 Extract config from abused ScreenConnect
27:33 Extract and decompile renpy loader
31:53 Defeat anti-sandbox
32:56 Unpack the payload

#malware #malwareanalysis #reverseengineering