Author: Tim Blazytko
Demonstrates how to decrypt strings in Mirai samples
Script and malware sample to decrypt strings in a Mirai malware sample.
Implementation is based on Binary Ninja. Check out the following blog post for more information:
Automation in Reverse Engineering: String Decryption
- Open
sample/mirai_armin Binary Ninja - Load and execute the script
To test the script with other Mirai samples, replace the function address in the following line:
target_function = bv.get_function_at(0x10778)
For more information, contact @mr_phrazer.