Robbinhood Malware Analysis with Radare2

July 1, 2019

This article will provide an overview of how we can extract function names from Windows GoLang binaries to make reversing easier, and give a brief analysis of the Robbinhood ransomware that recently attacked Baltimore. GoLang is a programming language designed around multi-threaded applications. The difficulty in reversing GoLang binaries is that all libraries are statically linked, which means there will be a large number of functions in the application, most of which are not even used during execution. For example, in a compiled GoLang Hello World binary, radare2 detects 1800 functions...

Reverse Engineering, Radare2, Malware Analysis, Malware, Linux, Windows, Scripting, Automation, r2pipe, GoLang