
In Malcat, hitting <Ctrl+M> will start the in-GUI MCP server (works in free version too). You can then interact with the current analysis using your LLM of choice.

Here I renamed functions and variables of the C2 dispatcher function for an unknown malware:

We're happy to announce that #malcat 0.9.13 is out!

You'll find a new Apple-silicon MacOS port, two integrated MCP servers (in-GUI + headless) for automated triage and an improved interface:

https://malcat.fr/blog/0913-is-out-macos-port-mcp-server-and-dark-mode

Quick peek at the upcoming 0.9.3 release. It will also feature a 100% headless MCP server for full and pro users.

Sometimes, the absence of a signature match is also interesting. Here is the #Chrysalis sideloaded DLL, where we can quickly spot the few interesting functions.

Make sure to check "Show UNK"!

A quick update on Malcat's MacOS development (apple silicon):

A couple of visual glitches remain, but the analysis & UI are now functional \o/

#Malcat tip:

#Kesakode can be useful even when facing unknown/packed samples. Check "Show UNK" and focus on unique code and strings.

Here is a simple downloader:

#Malcat version 0.9.11 has been released, with support for ARM and Mach-O program analysis.
More details below:

https://malcat.fr/blog/0911-is-out-arm-and-macho-analysis/

#Malcat tip #10: analysing backdoored clean software can be hard.

A quick win is to pivot around known constants, thanks to Malcat's 400k+ constants DB (here a #Tropidoor dlder):

Updated #kesakode to 1.0.38:

Malware signatures:
* New malware entries: 20 new families
* Extended malware signatures: 661
* FP-fixed signatures: 79

Files:
* 36 new malicious samples in database
* 6687 new library objects seen
* 6218 new clean programs whitelisted

Database:
* 564116 new unique functions
* 197608 new unique strings
* 27 new unique constant fingerprints

Library signatures:
* Extended library signatures: 28
* FP-fixed signatures: 1