CactusCon

CactusCon13
February 14-15, 2025
Mesa, AZ

How Nefilim Dropper uses Polymorphism

Track 3
5 Feb 2022 9:00 AM - 10:00 AM

Nefilim’s malware sample uses a polymorphic dropper, meaning the file it drops may be one of over 2000 different file hashes. Polymorphism is used in a dropper to make a malware sample harder to detect, and I will explain a lot of basics about reverse engineering for a diverse IT security crowd.

Mark Embrich
Malware Analyst

Mark has been a Network Admin, System Admin, SOC Analyst, Sec Eng, Forensics Analyst, Threat Detection Analyst, and Malware Analyst.