Unpacking Emotet / Geodo (Stage 1) Using x64dbg - Subscriber Request

YouTube

Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware (Stage 1). This was a subscriber request asking us to determine how this was packed.

Packed sample:
SHA256: c41cbad1ee87b9156c389962608cf25570ca176903b299cb3415f3fc3a23ebbe
https://malshare.com/sample.php?action=detail&hash=90c2c10001134ab2a1cc87ec4382b197

x64dbg: https://x64dbg.com/#start
PE-bear: https://hshrzd.wordpress.com/pe-bear/
PyIATRebuild: https://github.com/OALabs/PyIATRebuild

Unpacked (stage 1):
SHA256: c3f43896913c17f91c0d95924ac426e89928b8eef93da7dc107a7a0891c7a860
https://malshare.com/sample.php?action=detail&hash=01e0cf87ee2e22ff40e648aa82409ce4

Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
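The description above ends with a dumped stage 1 whose imports were rebuilt (PyIATRebuild) and a published SHA256 for the result. The following is an added example, not code from the video, from OALabs or from PyIATRebuild: a pure-Python sanity check a practitioner can run on a dump before and after the IAT rebuild. It parses only the PE headers (PE32 and PE32+) to see whether the import data directory is populated and actually points into a section, and compares a file's SHA256 against the hashes quoted in the description. The `build_toy_pe32` helper constructs a minimal, fake PE32 header set purely to exercise the parser; it is not the Emotet sample, and the section layout it uses is an assumption for the demo.

```python
import hashlib
import struct

# Hashes quoted in the video description above (packed input, unpacked stage 1).
PACKED_SHA256 = "c41cbad1ee87b9156c389962608cf25570ca176903b299cb3415f3fc3a23ebbe"
UNPACKED_STAGE1_SHA256 = "c3f43896913c17f91c0d95924ac426e89928b8eef93da7dc107a7a0891c7a860"

IMAGE_DIRECTORY_ENTRY_IMPORT = 1   # index into the optional header's data directories
SECTION_HEADER_SIZE = 40


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_known_hash(data: bytes, expected_hex: str) -> bool:
    """True if the blob hashes to the SHA256 published for the sample."""
    return sha256_hex(data) == expected_hex.lower()


def import_directory_status(pe: bytes) -> dict:
    """Parse just enough of a PE image (PE32 or PE32+) to locate the import
    data directory and decide whether it points into a real section.  A raw
    memory dump of a packed process typically has an empty or dangling entry
    here; after the IAT is rebuilt it should land inside a section."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        dd_off = opt + 96
    elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs, = struct.unpack_from("<I", pe, dd_off - 4)

    rva, size = 0, 0
    if IMAGE_DIRECTORY_ENTRY_IMPORT < num_dirs:
        rva, size = struct.unpack_from("<II", pe, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)

    # Walk the section table and find the section (if any) that contains the RVA.
    section = None
    sec_base = opt + opt_size
    for i in range(num_sections):
        off = sec_base + SECTION_HEADER_SIZE * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize = struct.unpack_from("<III", pe, off + 8)
        if va <= rva < va + max(vsize, rawsize):
            section = name
            break

    populated = rva != 0 and size != 0
    return {"rva": rva, "size": size, "populated": populated,
            "section": section, "ok": populated and section is not None}


def build_toy_pe32(import_rva: int, import_size: int) -> bytes:
    """Constructed minimal PE32 header set (NOT a real sample) with a single
    .rdata section at RVA 0x1000, used here only to exercise the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, one section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, import_rva, import_size)
    section = struct.pack("<8sIIIIIIHHI", b".rdata", 0x1000, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x40000040)                  # readable, initialized data
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section


if __name__ == "__main__":
    for label, blob in [("rebuilt", build_toy_pe32(0x1080, 0x28)),
                        ("empty", build_toy_pe32(0, 0)),
                        ("dangling", build_toy_pe32(0x9000, 0x28))]:
        print(label, import_directory_status(blob))
    # On a real dump: matches_known_hash(open("dump.bin", "rb").read(), UNPACKED_STAGE1_SHA256)
    print("toy blob matches published stage 1?",
          matches_known_hash(b"constructed", UNPACKED_STAGE1_SHA256))
```

Run it against the raw dump first (expect `populated` False or `section` None, since the packer does not leave a usable import table behind) and again after rebuilding the IAT; only then is the hash comparison against the published stage 1 meaningful, and a mismatch there usually means a different build or a different dump offset rather than a failed unpack.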



Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

Open Analysis Live! We use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage1). This was a subscriber request asking us to determine how thi


How to crack Bigasoft Total Video Converter and remove the trial limitations using x64dbg

How to crack Bigasoft Total Video Converter and remove the trial limitations using x64dbg http://morituri.co.nf/


Reversing Malicious Office Document (Macro) Emotet(?)

OLEVBA - https://github.com/decalage2/oletools/wiki/olevba 1:58 - Extract Macro with olevba 2:40 - ExifTool to examine Document Metadata (Comments used in Macr


Technical Analysis of a Word Zero Day - CVE-2017-0262 / CVE-2015-2545

Here I demonstrate to you how to analyse a Zero Day (now patched!) in Word which exploits an EPS vulnerability referenced in CVE-2017-0262 / CVE-2015-2545. Thi


Unpacking Themida 2.x 64bit … Without Actually Unpacking - REDUX!

Open Analysis Live! In this tutorial we show how to unpack a Themida 2.x 64bit PE file.... kind of : ) Instead of attacking the Themida protection directly we w


Phishing attacks with the Emotet banking Trojan in circulation (2018)

In this video I explain what the Emotet banking Trojan is, what it has to do with phishing, and what to watch out for so that you do not become the victim of a


DEF CON 23 - Chris Domas - Repsych: Psychological Warfare in Reverse Engineering

Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse enginee


11/15/18 Emotet Launches Major New Spam Campaign | AT&T ThreatTraq

http://go.att.com/f1e34f60 Originally recorded November 13, 2018 AT&T ThreatTraq welcomes your e-mail questions and feedback at attthreattraq@list.att.com


Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Open Analysis Live teams up with MalwareAnalysisForHedgehogs to unpack Princess Locker ransomware. We show how to use x64dbg and hooks on VirtualAlloc to dump t


Bypassing Process Scanner Anti Hks and File Patching

Today we are looking at an extension of a great lesson by Stephen Chapman on bypassing process scanners that look for CE signatures in the process and slam us d


Emotet JavaScript dropper deobfuscation and analysis

A very quick and dirty look at de-obfuscating a malicious Emotet JavaScript dropper and a little behavioural analysis thrown in for good measure. All within 9 m


Analysing an Emotet Downloader with CMD Watcher and CyberChef

Here I showcase how you can use an awesome tool from Kahu Security called CMD Watcher; which watches for where cmd.exe is invoked, suspends the process, extract


Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the KevinTheHermit project. Expand for more...


Malware Analysis - Unpacking njRAT Protected by Confuser v.1.9 and others

Unpacking and deobfuscation of .NET malware protected by Confuser v.1.9, Babel .NET, RPX and a custom dropper with Base64. The final payload is njRAT 0.7d aka B


Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

Open Analysis Live! We use IDA Pro and x64dbg to take a second look at Gootkit and determine how it uses file name checks to evade analysis. Expand for more...


Emotet Banking Trojan - How a Single Mouse Click Cost a North Carolina School District $314,000

The Emotet banking trojan is one nasty threat. Part Trojan, part network worm, it steals banking information and contact address books and performs DDoS attacks.


Three and a half ways to unpack malware using Ollydbg

Here I demonstrate to you three (and a half!) ways to unpack malware. Malware is often packed for the purpose of AntiVirus and Analysis evasion, therefore it is


Reversing for Newbies - Pt 1: Binary Patching (Lena151 Assembly Tutorials)

This video is for educational purposes only! This video shows you how to reverse engineer a simple executable provided by Lena151. In this video we make use o


KringleCon 2018 - Chris Davis, Analyzing PowerShell Malware

Attend Free Online Virtual Hacker Conference: www.kringlecon.com Presented by: Chris Davis Learn information security skills: www.sans.org In this talk we disc


Unpacking GlobeImposter Ransomware With x32dbg

Open Analysis Live! In this tutorial we unpack a new version of GlobeImposter ransomware using the x32dbg / x64dbg debugger. Original packed sample: https://m
