Malware Analysis: Stealer - Mutex Check, Stackstrings, IDA (Part 1)

Автор: L!NK

Загружено: 2020-10-03

Просмотров: 4990

Описание:

In this series I will be analysing a crime stealer from basics to more advanced concepts in malware analysis. Get a cup of tea and watch me slowly analyse malware :-)

No sample (Sorry!)

Sample:
Build: June Build 1.1.6 (I think - the latest)

0:00:00 - Introduction
0:01:19 - Windows Defender malware analysis instructions for beginners
0:01:57 - Malwares ad text and images from forum
0:09:01 - Static Analysis PE Studio
0:12:00 - In IDA free with the packed sample
0:21:00 - In x32dbg with the packed sample
0:31:18 - Modifying binary sample for unpacked executable
0:34:11 - Unpacked sample in IDA
0:37:16 - Identifying an interesting function
0:41:25 - String analysis in unpacked sample
0:46:43 - Back in IDA to the interesting function
0:50:47 - Unpacked sample in x32dbg analysis
0:55:30 - Stack string identification in IDA
1:00:00 - Mutex analysis in x32dbg
1:03:30 - Process tokens analysis in x32dbg
1:10:00 - Debugger flow manipulation (Z flag modification)
1:14:09 - Next time

Further research from Cyber Ark: https://www.cyberark.com/resources/th...
Trend Micro research: https://blog.trendmicro.com/trendlabs...

Malware Analysis: Stealer - Mutex Check, Stackstrings, IDA (Part 1)

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

Malware Analysis: Stealer - XOR, CyberChef, x64Dbg Scripting (Part 2)

Malware Analysis: Stealer - XOR, CyberChef, x64Dbg Scripting (Part 2)

Malware Analysis: Stealer - RC4, C2 emulation, dump HTTP POST (Part 3)

Malware Analysis: Stealer - RC4, C2 emulation, dump HTTP POST (Part 3)

Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra

Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra

Make Malware Analysis FASTER with Binary Emulation

Make Malware Analysis FASTER with Binary Emulation

Reverse Engineering Smoke Loader: RC4, Anti-Analysis, Anti-VM

Reverse Engineering Smoke Loader: RC4, Anti-Analysis, Anti-VM

Эмуляция Emotet 64-bit и расшифровка строк с помощью Dumpulator [Twitch Clip]

Эмуляция Emotet 64-bit и расшифровка строк с помощью Dumpulator [Twitch Clip]

IDA Pro Malware Analysis Tips

IDA Pro Malware Analysis Tips

How I Debug DLL Malware (Emotet)

How I Debug DLL Malware (Emotet)

Malware Analysis & Reverse Engineering Course Track

Malware Analysis & Reverse Engineering Course Track

Analyzing the FBI's Qakbot Takedown Code (Malware Analysis & Reverse Engineering)

Analyzing the FBI's Qakbot Takedown Code (Malware Analysis & Reverse Engineering)

Emacs в 2026: Секретное оружие или старый хлам? |vim, vscode, lisp, org-mode|Podlodka Podcast #460

Emacs в 2026: Секретное оружие или старый хлам? |vim, vscode, lisp, org-mode|Podlodka Podcast #460

Analyzing Ransomware - Completing a FULL Analysis

Analyzing Ransomware - Completing a FULL Analysis

VPN умер? Новый протокол AmneziaWG невозможно заблокировать?

VPN умер? Новый протокол AmneziaWG невозможно заблокировать?

License to Kill: Malware Hunting with the Sysinternals Tools

License to Kill: Malware Hunting with the Sysinternals Tools

Malware Analysis - .NET Unpacking

Malware Analysis - .NET Unpacking

Getting Started With Ghidra For Malware Analysis

Getting Started With Ghidra For Malware Analysis

Practical Malware Analysis Essentials for Incident Responders

Practical Malware Analysis Essentials for Incident Responders

IDA Pro Malware Analysis: UnObfuscating API Calls - Hexorcist

IDA Pro Malware Analysis: UnObfuscating API Calls - Hexorcist

Memory Dump Unpacking - Finding Redline Stealer

Memory Dump Unpacking - Finding Redline Stealer

С нуля до миллионов на AI‑стартапах. Что отличает прототип от реального бизнеса | Максим Панфилов

С нуля до миллионов на AI‑стартапах. Что отличает прототип от реального бизнеса | Максим Панфилов