Dissecting ScatterBrain: A Deep Dive into Shadowpad's Sophisticated Obfuscator

2025-02-02
POISONPLUG.SHADOW (Shadowpad), a malware family first identified by Kaspersky, utilizes a custom obfuscating compiler, ScatterBrain, to evade detection. Google's Threat Intelligence Group (GTIG) and the FLARE team collaborated to reverse-engineer ScatterBrain, creating a standalone static deobfuscator. This deobfuscator tackles ScatterBrain's three protection modes (Selective, Complete, Complete "headerless"), neutralizing its control flow graph obfuscation, instruction mutations, and import table protection. This research significantly enhances the ability to analyze and counter sophisticated malware like Shadowpad.