Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the kevthehermit RATDecoders project.

Packed sample (download the zip file):
Sha256: fa9ad80c0977cdbfe8419d27ca9ad909d34f1737df726f4d175f6b85b0670074
http://www.malware-traffic-analysis.net/2018/05/16/index.html

Unpacked Stage 2:
Sha256: 5609b3f916346146771b721ee20f7679ce87b7fc4b6a18bf6adf7201b98c5e22
https://malshare.com/sample.php?action=detail&hash=89ae5e21d6cf455f467cfaf62350848c

Unpacked Stage 3 (TrickBot payload):
Sha256: 54dd37adfb6917060392a89b539b8402c7166f452cd5534df6ea9df607908181
https://malshare.com/sample.php?action=detail&hash=442da27968cc93d780cfd96c2399950c

Kevthehermit config extractors: https://github.com/kevthehermit/RATDecoders
Modified standalone version of the TrickBot extractor: https://gist.github.com/herrcore/35ad5644f940012487e3aff5034bff74
Sysopfb GitHub (more malware analysis scripts): https://github.com/sysopfb
x64dbg: https://x64dbg.com/#start

More TrickBot samples to practice unpacking:
http://www.malware-traffic-analysis.net/2018/05/24/index2.html
http://www.malware-traffic-analysis.net/2018/05/25/index2.html
http://www.malware-traffic-analysis.net/2018/05/15/index2.html
http://www.malware-traffic-analysis.net/2018/05/01/index2.html

Tutorial on self-injection unpacking: https://www.youtube.com/watch?v=WthvahlAYFY

Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net
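Two checks a practitioner wants around this workflow: confirm that the file you loaded into x64dbg is really one of the listed stages (the SHA-256 values come from the description above), and turn the decrypted configuration the extractor hands back into usable indicators. The script below is an added example, not OALabs' or kevthehermit's code. It does not implement the config decryption itself (that is what the linked extractor does); it only post-processes the plaintext. The mcconf XML layout it parses (ver, gtag, servs/srv, autorun/module) is assumed from how TrickBot configs are commonly documented, and the sample config, its IP addresses and the gtag value are constructed for the demonstration.

```python
"""Post-processing for a decrypted TrickBot configuration (added example)."""
import hashlib
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# SHA-256 values published in the video description above.
SAMPLE_HASHES = {
    "packed": "fa9ad80c0977cdbfe8419d27ca9ad909d34f1737df726f4d175f6b85b0670074",
    "stage2": "5609b3f916346146771b721ee20f7679ce87b7fc4b6a18bf6adf7201b98c5e22",
    "stage3": "54dd37adfb6917060392a89b539b8402c7166f452cd5534df6ea9df607908181",
}

# Constructed plaintext in the assumed mcconf layout; the trailing NULs stand
# in for the padding a decryption routine commonly leaves after the XML.
SAMPLE_CONFIG = (
    b"<mcconf><ver>1000232</ver><gtag>tt0002</gtag><servs>"
    b"<srv>192.0.2.10:449</srv><srv>198.51.100.7:443</srv></servs>"
    b'<autorun><module name="systeminfo" ctl="GetSystemInfo"/>'
    b'<module name="injectDll"/></autorun></mcconf>\x00\x00\x00\x00'
)


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large dumps do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def match_stage(hexdigest):
    """Map a SHA-256 hex digest to the listed stage name, or None if unknown."""
    hexdigest = hexdigest.lower()
    for stage, expected in SAMPLE_HASHES.items():
        if hexdigest == expected:
            return stage
    return None


@dataclass
class TrickBotConfig:
    version: str
    gtag: str
    servers: list = field(default_factory=list)   # (host, port) tuples
    modules: list = field(default_factory=list)   # (name, ctl) tuples


def parse_mcconf(blob):
    """Parse decrypted config bytes; tolerates padding/garbage around the XML."""
    text = blob.decode("latin-1")
    m = re.search(r"<mcconf>.*?</mcconf>", text, re.S)
    if not m:
        raise ValueError("no <mcconf> element found in decrypted data")
    root = ET.fromstring(m.group(0))
    cfg = TrickBotConfig(
        version=root.findtext("ver", "").strip(),
        gtag=root.findtext("gtag", "").strip(),
    )
    for srv in root.iter("srv"):
        host, _, port = (srv.text or "").strip().rpartition(":")
        if host and port.isdigit():
            cfg.servers.append((host, int(port)))
    for mod in root.iter("module"):
        cfg.modules.append((mod.get("name"), mod.get("ctl")))
    return cfg


def c2_iocs(cfg):
    """host:port strings ready for a blocklist or a proxy/IDS lookup."""
    return ["%s:%d" % (host, port) for host, port in cfg.servers]


if __name__ == "__main__":
    cfg = parse_mcconf(SAMPLE_CONFIG)
    print("version", cfg.version, "gtag", cfg.gtag)
    for ioc in c2_iocs(cfg):
        print("c2", ioc)
    for name, ctl in cfg.modules:
        print("module", name, ctl)
```

Run `match_stage(sha256_file(path))` on each file before debugging; a `None` result means you are not looking at one of the listed samples (wrong download, or a dump taken from the wrong point in the unpacking). The regex cut around `<mcconf>` is there because decrypted output is rarely clean XML at both ends.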