Analyzing the FBI's Qakbot Takedown Code (Malware Analysis & Reverse Engineering)

Автор: Anuj Soni

Загружено: 2023-09-07

Просмотров: 6979

Описание:

🚀 Build real confidence analyzing malware. Join the waitlist. 🚀
https://go.themalwarelab.co/join

📄 Get my malware analysis template 📄
https://go.themalwarelab.co/get-template

🎥 Video Description 🎥
In this video, we analyze the FBI's Qakbot takedown code using malware analysis techniques.

⏱️ Timestamps ⏱️
0:00 - Intro
1:21 - Shellcode analysis with Malcat
7:23 - Identify functionality with Mandiant's capa
10:41 - Analyze shellcode with Ghidra
15:35 - Debug shellcode with runsc
19:40 - Review decoded executable with PEStudio
21:07 - Code analysis to confirm how Qakbot is terminated (warning: screen flickers here for a few seconds due to a recording error)

😈 Sample: https://github.com/as0ni/youtube-file...
🔑 Password: infected
Unzipped SHA-256: 7cdee5a583eacf24b1f142413aabb4e556ccf4ef3a4764ad084c1526cc90e117
Description: FBI Qakbot Takedown Code

🛠️ Tools 🛠️
Malcat: https://malcat.fr/
Ghidra: https://ghidra-sre.org/
Capa: https://github.com/mandiant/capa
Capa Rules: https://github.com/mandiant/capa-rules
Speakeasy: https://github.com/mandiant/speakeasy
x64dbg: https://x64dbg.com/
Runsc: https://github.com/edygert/runsc

📞 Follow Anuj on LinkedIn: / sonianuj

Analyzing the FBI's Qakbot Takedown Code (Malware Analysis & Reverse Engineering)

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

Как я запускаю и отлаживаю вредоносную службу (анализ вредоносного ПО)

Как я запускаю и отлаживаю вредоносную службу (анализ вредоносного ПО)

Malware Evasion Techniques: API Unhooking (Malware Analysis & Reverse Engineering)

Malware Evasion Techniques: API Unhooking (Malware Analysis & Reverse Engineering)

Deciphering Obfuscated JavaScript Malware

Deciphering Obfuscated JavaScript Malware

Decode Malware Strings with Conditional Breakpoints

Decode Malware Strings with Conditional Breakpoints

Basic Malware Analysis using Capa,VirusTotal & PE-Tree | Malbuster

Basic Malware Analysis using Capa,VirusTotal & PE-Tree | Malbuster

Make Malware Analysis FASTER with Binary Emulation

Make Malware Analysis FASTER with Binary Emulation

Посмотрите, как этот российский хакер взломал наш компьютер за считанные минуты | CNBC

Посмотрите, как этот российский хакер взломал наш компьютер за считанные минуты | CNBC

Debugging Malware: Extracting Hidden Payloads from Memory

Debugging Malware: Extracting Hidden Payloads from Memory

How to Extract Shellcode Using x64dbg (Malware Analysis)

How to Extract Shellcode Using x64dbg (Malware Analysis)

Analyze Malware Without Running It (Beginner Malware Analysis)

Analyze Malware Without Running It (Beginner Malware Analysis)

DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)

DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)

Reversing in action: Golang malware used in the SolarWinds attack. Part 1

Reversing in action: Golang malware used in the SolarWinds attack. Part 1

Анализ вредоносных программ — Ghidra, Cutter, Binary Ninja и IDA Free

Анализ вредоносных программ — Ghidra, Cutter, Binary Ninja и IDA Free

Как создать собственную лабораторию анализа вредоносного ПО в 2026 году

Как создать собственную лабораторию анализа вредоносного ПО в 2026 году

🔴 Malware Mondays Episode 05 - Using CAPA to identify capabilities in executable files

🔴 Malware Mondays Episode 05 - Using CAPA to identify capabilities in executable files

Three and a half ways to unpack malware using Ollydbg

Three and a half ways to unpack malware using Ollydbg

How I Debug DLL Malware (Emotet)

How I Debug DLL Malware (Emotet)

Getting Started with dnSpyEx - Unraveling a .NET Formbook Dropper

Getting Started with dnSpyEx - Unraveling a .NET Formbook Dropper

Code Reuse in Ransomware with Ghidra and BinDiff (Malware Analysis & Reverse Engineering)

Code Reuse in Ransomware with Ghidra and BinDiff (Malware Analysis & Reverse Engineering)

MALWARE Analysis with Wireshark // TRICKBOT Infection

MALWARE Analysis with Wireshark // TRICKBOT Infection