Emulating NotPetya bootloader with Miasm

NotPetya is a famous malware of the Petya family. It appeared in June 2017. The part running from the Master Boot Record (MBR) has been statically and dynamically studied, using for instance the Bochs debugger from IDA. Is another approach possible? This article’s goal is to show that we can emulate this bootloader using Miasm.


© 2021. All rights reserved.

Powered by Hydejack v9.1.4