Attackers use different variations of Base64 encoding; the idea is to prevent the Base64 decoding tools from decoding the data successfully. In this section, you will understand some of these techniques.
Some malware samples remove the padding character (=) from the end. A C2 communication made by a malware sample (Trojan Qidmorks) is shown later. The following post payload looks like it is encoded with base64 encoding:
When you try to decode the POST payload, you get the Incorrect padding error as follows:
The ...