Firmware Forensics: Analyzing Malware Embedded in Device Firmware

Firmware, essential to hardware functionality, is increasingly becoming a prime target for cyber threat actors because of its foundational control over devices. This presentation delves into a detailed analysis of malware embedded within purported firmware updates for Sabrent devices, a case study revealing widespread exploitation. By leveraging advanced static and dynamic analysis techniques, we uncover the intricate workings of this malware, strategically hidden within seemingly legitimate firmware patches. Through meticulous investigation, including static examination of file headers, hashes, and embedded resources, and dynamic analysis within controlled environments, we decipher the malware's operational stages. These include its initial execution triggers, subsequent macro-driven deployments, and ultimate persistence mechanisms through registry modifications, all orchestrated to evade detection and ensure prolonged access to compromised systems.

https://blog.deepsec.net/deepsec-talk-2024-firmware-forensics-analyzing-malware-embedded-in-device-firmware-diyar-saadi-ali/

Diyar Saadi

Spectroblock, Security Operation Analyst, Malware Analyst, RE, Red Team Operator.

As Sulaymānīyah, Iraq
