Unpacking Bokbot / IcedID Malware - Part 1 - - vimore.org

YouTube

We demonstrate how to unpack the first two stages of Bokbot / IcedID malware with x64dbg, PeBear, and IDA Pro. Expand for more...

Original sample: 0ca2971ffedf0704ac5a2b6584f462ce27bac60f17888557dc8cd414558b479e https://cape.contextis.com/analysis/21237/
Stage1 (packed UPX): 7f463bd55aa360032fbd6489b4e34455178a35254ff66c1cd98d0775437074b4 https://cape.contextis.com/analysis/21240/
Stage2 (custom injector): 89a0325379e1e868b668955ed41ba0faa724845028bc961a0691f19e5213dedf https://cape.contextis.com/analysis/21241/

Talos blog post on Bokbot injection method: https://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html
Vitali Kremez analysis of IcedID: https://www.vkremez.com/2018/09/lets-learn-deeper-dive-into.html
TUTORIAL - How to setup a FREE malware analysis VM https://oalabs.openanalysis.net/2018/07/16/oalabs_malware_analysis_virtual_machine/

Stay tuned for PART 2 ...

Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at https://www.openanalysis.net

Reverse Engineering IcedID / Bokbot Malware Part 2

We reverse engineer the IcedID custom malware injection component using IDA Pro, x64dbg, and some Python (API Scout). Expand for details... 14:45 - Unpacking l

Oldest Technologies Scientists Still Can't Explain

Subscribe ► http://goo.gl/WPKt5w Human beings are capable of building incredible structures, from the latest cutting-edge office blocks to artistic sculptures.

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

Open Analysis Live! We reverse engineer the Aegis Crypter and take a look at how packers work from the malware developer's perspective... Calc.exe packed with

UPX Unpacking

Plot of UPX entropy as it unpacks its payload.

Turning Trickbot: decoding an encrypted command-and-control channel

This presentation by Andrew Brandt (Symantec) was presented at VB2017 in Madrid, Spain. Trickbot, which appeared this year, seems to be a new, more modular, an

Radio Hacking: Reverse Engineering Protocols Part 1 - Hak5 1913

Today on Hak5, Mike Ossmann joins us in studio to talk reverse engineering protocols for radio hacking. Shop: http://www.hakshop.com Support: http://www.patreo

How to use x64dbg debugger ( x64dbg quick tut ) | Using x64 dbg on Windows 10

x64dbg debugger reverse engineering tutorial + how to hack software | Hack & protect software from cracking [Series] ===================================== Subsc

Analysing a Firefox Malware browserassist.dll - FLARE-On 2018

This is another challenge of the FLARE-On 2018 CTF. This challenge is about analysing the functionality of a Firefox malware, but I got really lucky :D -=[ ❤️

Analyzing Trickbot | VMRay

Watch this video analysis of Trickbot (found on May 16th, 2019) which attempts to steal data from Outlook, Chrome, Internet Explorer, Firefox and more. View t

Solution to the Hackme Softdat Challenge: Unpacking UPX VB

Unpacker UPX: http://swiftation.com/18838831/unpacker-upx Hackme Softdat CLS: http://swiftation.com/18838831/hackme-softdat Debugger X64dbg: http://swifta

Overcome Self-Defending Malware - Tools, Techniques and Lab Setup

Here I demonstrate how to overcome a simple self-defence tactic that some malware samples commonly utilise to target their victims and prevent sandbox / VM anal

Unpacking Redaman Malware & Basics of Self-Injection Packers - ft. OALabs

OALabs shows a walk-through of how to unpack a sample malware and explains some basics about packers. You can learn about using x64debug, IDA and PE-Bear. OALa

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

Open Analysis Live! We use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage1). This was a subscriber request asking us to determine how thi

Olympic Destroyer - Quick behavioural Analysis of this Wiper Malware

Here I run through some behavioural analysis of Olympic Destroyer malware which steals local credentials, propagates around a network and renders victim machine

Unpacking Themida 2.x 64bit … Without Actually Unpacking - REDUX!

Open Analysis Live! In this tutorial we show how to unpack a Themida 2.x 64bit PE file.... kind of : ) Instead of attacking the Themida protection directly we w

CNIT 126 0: Malware Analysis Primer & 1: Basic Static Techniques (Part 1)

A college lecture at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorsk

IDA Pro Malware Analysis Tips

Open Analysis Live! A few tips and tricks to help you analyze malware with IDA Pro. PE Mapped Virtual Address vs. Offset In Binary File: 02:55 IDA Pro Layout T

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Open Analysis Live teams up with MalwareAnalysisForHedgehogs to unpack Princess Locker ransomware. We show how to use x64dbg and hooks on VirtualAlloc to dump t

x64dbg | UPX Unpacker

x64dbg | UPX Unpacker In learning Tools for Imports Reconstruction ❭ Scylla - x64 / x86 Imports Reconstruction 0.9.7c: Https://tuts4you.com/e107_plugins/down

Malware Analysis Part #1: Basic Static Analysis

Basic Static Malware Analysis with PEview = http://wjradburn.com/software/ CFF Explorer = http://www.ntcore.com/exsuite.php PEinsider = http://cerbero.io/peins
