Malware Analysis Decrypt NighHawk Strings with Ghidra Scripting [Video]

Thread starter struppigel
Start date Dec 4, 2022

struppigel

Super Moderator

Thread author

Verified

Staff Member

Well-known

Forum Veteran

Dec 4, 2022

#1

Ghidra makes scripting very easy. I show how to deobfuscate strings in a NightHawk malware sample.

00:00 Intro
01:11 Finding the decryption function
06:17 Creating a proper C++ string type
12:20 Understanding the decryption function
17:14 Writing the script
24:58 Running the script & cleaning mistakes

Reactions: marksti64, vtqhtr413, upnorth and 1 other person

You may also like...

Malware Analysis [Video] D3f@ck loader analysis from InnoSetup to JPHP
- Started by struppigel
- May 20, 2024
- Replies: 2
Malware Analysis
Malware Analysis Discord Token Stealer Distributed as Fake Java Game
- Started by Trident
- Aug 11, 2025
- Replies: 5
Malware Analysis
Hot Take Missed script malware by signature analysis
- Started by Parkinsond
- Nov 8, 2025
- Replies: 100
General Security Discussions
App Review AV test #3 - Malwarebytes is very dissapointing
- Started by Khushal
- Jul 16, 2025
- Replies: 3
Video Reviews - Security and Privacy
Malware Analysis [Video] Malware unpacking methods and a generic unpacking approach
- Started by struppigel
- Mar 17, 2024
- Replies: 2
Malware Analysis

Share:

Facebook X Bluesky LinkedIn Reddit WhatsApp Email Link