Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
released on 2023-07-18 @ 09:47:59 AM
SentinelOne found an initial loader implemented in AutoIt that uses process hollowing to load a .NET-based payload. They reconstructed the string decryption method, which enabled them to partially deobfuscate the loader.