Written by: Muhammad Umair
Here at Mandiant FLARE, malware reverse engineering is a regular part of our day jobs. At times we are required to perform basic triage on binaries, where every hour saved is critical to incident response timelines. At other times we examine complicated samples for days, developing comprehensive analysis reports. As we face larger and more complex malware, often written in modern languages like Rust, knowing where to go and what to look at, and developing a “map” of the malware, takes significant effort and directly impacts our response times and triage effectiveness.
Today we introduce a new tool, XRefer (pronounced eks-reffer), which aims to shoulder some of this burden for anyone who endeavors to go down these rabbit holes like us, helping analysts get to the important parts faster while maintaining the context of their investigation.
Get XRefer now! Download: https://github.com/mandiant/xrefer
Introduction
XRefer provides a persistent companion view to assist analysts in navigating and understanding binaries. It’s a modular and extensible tool that comes in the form of an IDA Pro plugin. Figure 1 shows the XRefer interface.
[Figure 1: XRefer opened as a side pane, displaying Cluster Tables]
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from Threat Intelligence