golang obfuscated malware goes crazy

May 19, 2025 Yanac

https://jh.live/keeper-pam || Keeper PAM offers a privileged access management solution for enterprise grade protection all in one unified platform — keep your users, data, and environment secure with Keeper! https://jh.live/keeper-pam

https://go.dev/
https://binary.ninja/
https://hex-rays.com/ida-pro
https://ghidra-sre.org/
https://github.com/goretk/redress
https://github.com/mandiant/GoReSym
https://github.com/burrowers/garble
https://cloud.google.com/blog/topics/threat-intelligence/gostringungarbler-deobfuscating-strings-in-garbled-binaries
https://github.com/mandiant/gostringungarbler
https://github.com/unixpickle/gobfuscate
https://invokere.com/posts/2025/03/ungarble-deobfuscating-golang-with-binary-ninja/
https://github.com/Invoke-RE/ungarble_bn
https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/
https://github.com/volexity/GoResolver

Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I’m up to with: https://jh.live/newsletter

ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)John HammondRead More