Analysing an Emotet Downloader with CMD Watcher and CyberChef - - vimore.org


YouTube

Here I showcase how you can use an awesome tool from Kahu Security called CMD Watcher, which watches for cmd.exe being invoked, suspends the process, extracts the command line and then kills the process. I show you how to use this tool to help analyse a malicious .doc file designed to download Emotet malware. The macros invoke cmd.exe, which in turn invokes PowerShell, and CMD Watcher makes it easy to grab the command line without further infection, giving you time to perform additional analysis. This is a great tool to have in your arsenal as a malware analyst. Many thanks to @campuscodi for sharing and to Kahu Security for developing it.

Key Links:
https://twitter.com/campuscodi/status/1060696216504274945
http://www.kahusecurity.com/tools.html

Python Script: https://pastebin.com/W2vqY0uq

CyberChef Recipe: https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)Raw_Inflate(0,0,'Adaptive',false,false)Regular_expression('URL','(%5BA-Za-z%5D%2B://)(%5B-%5C%5Cw%5D%2B(?:%5C%5C.%5C%5Cw%5B-%5C%5Cw%5D*)%2B)(:%5C%5Cd%2B)?(/%5B%5E.!,?%22%3C%3E%5C%5C%5B%5C%5C%5D%7B%7D%5C%5Cs%5C%5Cx7F-%5C%5CxFF%5D*(?:%5B.!,?%5D%2B%5B%5E.!,?%22%3C%3E%5C%5C%5B%5C%5C%5D%7B%7D%5C%5Cs%5C%5Cx7F-%5C%5CxFF%5D%2B)*)?',true,true,false,false,false,false,'List%20matches')Split('@','%5C%5Cn')



Overcome Self-Defending Malware - Tools, Techniques and Lab Setup

Here I demonstrate how to overcome a simple self-defence tactic that some malware samples commonly utilise to target their victims and prevent sandbox / VM anal


Reversing Malicious Office Document (Macro) Emotet(?)

OLEVBA - https://github.com/decalage2/oletools/wiki/olevba 1:58 - Extract Macro with olevba 2:40 - ExifTool to examine Document Metadata (Comments used in Macr


Cooking with CyberChef

As a continuation of the "Introduction to Windows Forensics" series, this episode looks at CyberChef, a powerful web-based app that provides a multitude of oper


What is Emotet

Emotet is the latest banking Trojan being used by hackers to more effectively exploit users' environments. Pete discusses Emotet and ways to build a security pos


HackTheBox - Celestial - PTWS Echo Up & CyberChef

PenTest.WS demonstration hacking the Celestial machine from HackTheBox.eu. This video includes using the Echo Up tool to easily create files on a remote host. A


5 of the Worst Computer Viruses Ever

Michael Aranda explains five of the worst computer viruses that have hit the net! Hosted by: Michael Aranda ---------- Support SciShow by becoming a patron on


Analysing Obfuscated VBA - Extracting indicators from a Trickbot downloader

A rather lengthy video to showcase my analysis techniques and thought processes when analysing malicious macros. In this case I review a Trickbot downloader whi


Oldest Technologies Scientists Still Can't Explain

Subscribe ► http://goo.gl/WPKt5w Human beings are capable of building incredible structures, from the latest cutting-edge office blocks to artistic sculptures.


Introduction to KAPE

As a continuation of the "Introduction to Windows Forensics" series, this episode covers an exciting new tool from Kroll and Eric Zimmerman called KAPE. From th


Using WhatsApp for Malware Persistence

Here I demonstrate how a DLL Search Order Hijack bug in WhatsApp for Windows can be exploited by Malware to remain persistent. It's a little tongue-in-cheek, bu


15 Command Prompt Secrets and Tricks in Windows

DID YOU KNOW THESE COMMAND PROMPT SECRETS? ● More Top Lists ➤ https://www.youtube.com/playlist?list=PLFr3c472Vstw-sCvBrlRTelW3ULg1-w3n ● Subscribe Here ➤ http


What makes the Emotet Trojan so dangerous?

Beware of dynamite phishing: the dangerous Emotet Trojan wave is paralysing entire companies. The BSI, CERT-Bund and cybercrime specialists at the state criminal police offices (LKAs) see an acute wave


Hacking Websites with SQL Injection - Computerphile

Websites can still be hacked using SQL injection - Tom explains how sites written in PHP (and other languages too) can be vulnerable and have basic security iss


Malicious Powerpoint and .jse behavioural and code analysis

A really interesting sample recently came to light where a mouse-hover event in Powerpoint would invoke Powershell to download a malicious .jse file. Here I s


CVE-2017-11882 - 3 ways to perform technical analysis, 1 easy way to protect

Here I show you technical analysis of a fascinating exploit CVE-2017-11882 which takes advantage of a buffer overflow vulnerability in Microsoft Office Equation


Unpacking Emotet / Geodo (Stage 1) Using x64dbg - Subscriber Request

Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware (Stage 1). This was a subscriber request asking us to determine how this was packed. P


Five Awesome Tools to perform Behavioural Analysis of Malware

Here I show you 5 of my favourite tools to use for behavioural analysis. They are: 1. Process Hacker (http://processhacker.sourceforge.net/) 2. Process Monitor


Emotet - The Evolution of Malware

Emotet is a highly sophisticated and destructive malware that is causing huge problems for organisations around the world.


Hiding Malicious code using windows CMD - Dosfuscation

I created a video showing how to de-obfuscate a DOSfuscated PowerShell command obtained from an infected Word Document. Here you will learn some simple tricks


CyberChef - A must have security tool

CyberChef is a powerful tool for cyber data analysis that could be used by technical and non-technical analysts to manipulate data in complex ways without havin
