Focused on the analysis of GrimAgent, malware used in Ryuk ransomware intrusions.

• String decryptor (IDA)
• Rules: Yara / Suricata
• Launchers: Embedded files into the initial binary used as trampoline to achieve the payload execution (32b / 64b)