A .WAV With A Payload, (Tue, Apr 21st)
ID: e9d3b0cf-11aa-5ebe-b342-9ec641b75ac4
STIX ID: report--e9d3b0cf-11aa-5ebe-b342-9ec641b75ac4
Feed Name: SANS ISC Diary
This short analysis demonstrates a technique in which threat actors replace the audio bytes of a .wav file with the BASE64 representation of an XOR-encoded PE executable. The author extracts the payload with a base64 dump of the file, recovers the XOR key with a known-plaintext attack against the DOS header (a PE begins with the MZ magic and, for most linkers, carries the "This program cannot be run in DOS mode" stub at a fixed offset, so XORing those known bytes with the ciphertext at the same positions yields the repeating key), and then extracts the decoded PE for further analysis.
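The following is an added, self-contained example of that pipeline; it is not the diary author's code or tool, and the .wav, the fake PE stub and the XOR key in it are constructed for the demo (the diary's actual sample and key are not on this page). It walks the RIFF chunks to the "data" chunk, carves the longest base64 run, derives a slice of keystream by XORing the ciphertext with the "This program cannot be run in DOS mode" stub text, finds the key period, rotates the keystream back to offset 0, and cross-checks the result against the MZ and PE signatures. It assumes the stub text is present in the DOS stub (true for MSVC-linked binaries; a packer that strips it would need a different known plaintext), and it goes slightly beyond the single-offset case by scanning a range of stub offsets rather than assuming 0x4E.

```python
"""Carve a base64/XOR-wrapped PE out of a .wav data chunk and recover the XOR key
by known-plaintext against the DOS header. Added example, not the diary's code."""
import base64
import re
import struct

# Text most linkers place right after the 14-byte DOS stub code (offset 0x4E in MSVC output).
DOS_STUB_TEXT = b"This program cannot be run in DOS mode.\r\r\n$"


def build_fake_pe() -> bytes:
    """Constructed sample: DOS header + stub + 'PE\\0\\0' signature. NOT a real executable."""
    dos_stub_code = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"  # usual 14 bytes
    pe_offset = 0x80
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe_offset)  # e_lfanew -> PE signature
    body = bytes(hdr) + dos_stub_code + DOS_STUB_TEXT  # stub text lands at 0x4E
    body = body.ljust(pe_offset, b"\x00") + b"PE\x00\x00" + b"\x4c\x01"  # sig + Machine=i386
    return body + bytes(range(256)) * 2  # filler standing in for the rest of the image


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, the encoding the summary describes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_wav(payload: bytes) -> bytes:
    """Constructed .wav whose data chunk carries the payload instead of PCM samples."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)  # PCM, mono, 8 kHz, 16-bit
    chunks = b"fmt " + struct.pack("<I", len(fmt)) + fmt
    chunks += b"data" + struct.pack("<I", len(payload)) + payload
    return b"RIFF" + struct.pack("<I", 4 + len(chunks)) + b"WAVE" + chunks


def wav_data_chunk(wav: bytes) -> bytes:
    """Walk the RIFF chunk list and return the contents of the 'data' chunk."""
    if wav[:4] != b"RIFF" or wav[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    pos = 12
    while pos + 8 <= len(wav):
        cid, size = wav[pos:pos + 4], struct.unpack_from("<I", wav, pos + 4)[0]
        if cid == b"data":
            return wav[pos + 8:pos + 8 + size]
        pos += 8 + size + (size & 1)  # RIFF chunks are word-aligned
    raise ValueError("no data chunk")


def carve_base64(blob: bytes, min_len: int = 64) -> bytes:
    """Decode the longest base64 run in blob (what a base64 dump of the file would list first)."""
    runs = re.findall(rb"[A-Za-z0-9+/]{%d,}={0,2}" % min_len, blob)
    if not runs:
        raise ValueError("no base64 run found")
    best = max(runs, key=len)
    return base64.b64decode(best + b"=" * (-len(best) % 4))


def recover_xor_key(ct: bytes, max_key_len: int = 20, search=range(0x40, 0x100)) -> bytes:
    """Known-plaintext attack: XOR the ciphertext at a candidate stub offset with the stub
    text to get keystream, find the smallest period that repeats, rotate it back to
    offset 0, and accept only if the key also turns the first two bytes into 'MZ'."""
    for off in search:
        stream = xor_bytes(ct[off:off + len(DOS_STUB_TEXT)], DOS_STUB_TEXT)
        if len(stream) < len(DOS_STUB_TEXT):
            break
        for period in range(1, max_key_len + 1):
            if all(stream[i] == stream[i + period] for i in range(len(stream) - period)):
                # stream[i] == key[(off + i) % period]  =>  key[k] == stream[(k - off) % period]
                key = bytes(stream[(k - off) % period] for k in range(period))
                if xor_bytes(ct[:2], key) == b"MZ":
                    return key
    raise ValueError("no repeating key found; stub text may be absent or elsewhere")


def extract_pe(wav: bytes):
    """Full pipeline: data chunk -> base64 -> XOR key -> decoded PE. Returns (key, pe)."""
    ct = carve_base64(wav_data_chunk(wav))
    key = recover_xor_key(ct)
    pe = xor_bytes(ct, key)
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("decoded data is not a PE")
    return key, pe


# Constructed end-to-end sample with an assumed 8-byte key (not the diary's key).
SAMPLE_KEY = b"\x5a\x13\xc4\x8e\x27\xf0\x3b\x61"
SAMPLE_WAV = build_wav(base64.b64encode(xor_bytes(build_fake_pe(), SAMPLE_KEY)))

if __name__ == "__main__":
    key, pe = extract_pe(SAMPLE_WAV)
    print("recovered key:", key.hex(), "| decoded PE bytes:", len(pe))
```

The period search needs more known plaintext than the key is long; the 43-byte stub string comfortably covers the short keys seen in this kind of wrapper, and the MZ cross-check rejects the accidental matches a wrong offset could produce. For a real sample, replace SAMPLE_WAV with the bytes of the suspect .wav and hand the returned PE to your usual static tooling.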
