Cryptor: A New Toolset for Writing Windows Based Self-Encrypting Malware

Presented at Kernelcon 2022, April 1, 2022, 5 p.m. (60 minutes)

Over the last year and a half, Jacob Mohrbutter has put considerable time into developing a new tool called Cryptor. The tool allows for the development of binaries that present interesting and complex problems for reverse engineering. The main problem the tool addresses is the storage of symmetric keys: instead of attempting to hide the key in the binary, the resulting binary attempts to reach a C2 server for the relevant keying material. The talk also covers heuristics that AV technology can use to detect encrypted samples, such as the sample presented in this toolset.


Presenters:

  • Jacob Mohrbutter
    Jacob Mohrbutter is a DC402 member and hacker in the Omaha metropolitan area. Jacob attends the University of Nebraska at Omaha as a dual major in computer science and information assurance. His interests include malware and reverse engineering.
