Reversing Revil Malware β Part 2 - String Obfuscation and Configuration Setup
· β 8 min read · βοΈ suidroot
This is the second in a series looking at part of the Revil malware. The first post covered a triage and unpacking of the first stage. The post will look at the high-level flow and look in-depth at the configuration embedded in the sample and some options.
Revil Process Diagram Looking at the flow diagram (shown above), there is a pretty straightforward flow to the sample. It initially sets itself up by resolving the import table, reading the embedded configuration data, and command-line arguments.