Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python


Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the KevinTheHermit project.

Packed sample (download the zip file):
SHA256: fa9ad80c0977cdbfe8419d27ca9ad909d34f1737df726f4d175f6b85b0670074
http://www.malware-traffic-analysis.net/2018/05/16/index.html

Unpacked Stage 2:
SHA256: 5609b3f916346146771b721ee20f7679ce87b7fc4b6a18bf6adf7201b98c5e22
https://malshare.com/sample.php?action=detail&hash=89ae5e21d6cf455f467cfaf62350848c

Unpacked Stage 3 (TrickBot payload):
SHA256: 54dd37adfb6917060392a89b539b8402c7166f452cd5534df6ea9df607908181
https://malshare.com/sample.php?action=detail&hash=442da27968cc93d780cfd96c2399950c

Kevin the hermit config extractors:
https://github.com/kevthehermit/RATDecoders

Modified standalone version of TrickBot extractor:
https://gist.github.com/herrcore/35ad5644f940012487e3aff5034bff74

Sysopfb github (more malware analysis scripts):
https://github.com/sysopfb

x64dbg:
https://x64dbg.com/#start

More TrickBot samples to practice unpacking:
http://www.malware-traffic-analysis.net/2018/05/24/index2.html
http://www.malware-traffic-analysis.net/2018/05/25/index2.html
http://www.malware-traffic-analysis.net/2018/05/15/index2.html
http://www.malware-traffic-analysis.net/2018/05/01/index2.html

Tutorial on self-injection unpacking:
https://www.youtube.com/watch?v=WthvahlAYFY

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
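Before stepping through the unpack in x64dbg it is worth confirming that the file on disk is the sample the video works from, and that each stage you dump matches the listed hash. The description gives SHA256 values, while the MalShare links carry a 32-hex-character hash in the URL, which is MD5 rather than SHA256 (an assumption based on the hash length and MalShare's usual keying, not something the description states). The following script is an added example, not code from the video, the OALabs authors, or the RATDecoders project: it computes both digests for a file or byte string, matches against the hashes from the description, and reports any dump that matches neither, so a wrong or truncated dump from the debugger is caught immediately. `match_sample`, `digests`, and `verify_directory` are names chosen here.

```python
import hashlib
import os

# SHA256 values exactly as listed in the video description above.
EXPECTED_SHA256 = {
    "packed": "fa9ad80c0977cdbfe8419d27ca9ad909d34f1737df726f4d175f6b85b0670074",
    "stage2": "5609b3f916346146771b721ee20f7679ce87b7fc4b6a18bf6adf7201b98c5e22",
    "stage3": "54dd37adfb6917060392a89b539b8402c7166f452cd5534df6ea9df607908181",
}

# The MalShare links in the description carry a 32-hex-char hash, which is
# assumed here to be MD5 (MalShare keys its detail pages by MD5). Copied from
# those URLs so a file fetched that way can still be recognised.
EXPECTED_MD5 = {
    "stage2": "89ae5e21d6cf455f467cfaf62350848c",
    "stage3": "442da27968cc93d780cfd96c2399950c",
}


def digests(data_or_path, chunk_size=1 << 20):
    """Return (sha256_hex, md5_hex) for a bytes object or a file path.

    Files are read in chunks so large memory dumps need not fit in RAM at once.
    """
    sha256 = hashlib.sha256()
    md5 = hashlib.md5()
    if isinstance(data_or_path, (bytes, bytearray)):
        sha256.update(data_or_path)
        md5.update(data_or_path)
    else:
        with open(data_or_path, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                sha256.update(chunk)
                md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()


def match_sample(data_or_path, sha256_table=EXPECTED_SHA256, md5_table=EXPECTED_MD5):
    """Identify which stage (if any) a file or byte string corresponds to.

    SHA256 is authoritative; MD5 is consulted only so that a file obtained via a
    MalShare URL can be recognised by the identifier in that URL. Comparison is
    case-insensitive. Returns the computed digests, the matched stage (or None)
    and which digest produced the match.
    """
    sha256_hex, md5_hex = digests(data_or_path)
    result = {"sha256": sha256_hex, "md5": md5_hex, "stage": None, "matched_by": None}
    for stage, expected in sha256_table.items():
        if sha256_hex == expected.lower():
            result["stage"], result["matched_by"] = stage, "sha256"
            return result
    for stage, expected in md5_table.items():
        if md5_hex == expected.lower():
            result["stage"], result["matched_by"] = stage, "md5"
            return result
    return result


def verify_directory(directory, **tables):
    """Walk a directory of downloaded or dumped files and map each path to a stage.

    Files matching nothing are reported with stage None, so an unexpected dump
    (wrong region, truncated write) is visible instead of silently analysed.
    """
    report = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            report[path] = match_sample(path, **tables)
    return report


if __name__ == "__main__":
    # Constructed demo input, not a real sample: shows the shape of the report.
    print(match_sample(b"not a trickbot sample"))
    # Point SAMPLE_DIR at the folder holding the zip contents and debugger dumps.
    for path, info in verify_directory(os.environ.get("SAMPLE_DIR", ".")).items():
        print(path, info["stage"], info["matched_by"], info["sha256"])
```

Run it with `SAMPLE_DIR` set to the folder containing the extracted zip and the files you dump from x64dbg; a dump that reports `None` for both `stage` and `matched_by` is not one of the three listed artifacts and should be re-dumped before running the config extractor against it.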


