Unpacking Emotet / Geodo (Stage 1) Using x64dbg - Subscriber Request
Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware sample (Stage 1). This was a subscriber request asking us to determine how the sample was packed.
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
OALABS TIP JAR
https://ko-fi.com/oalabs
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
Packed sample:
Sha256:
c41cbad1ee87b9156c389962608cf25570ca176903b299cb3415f3fc3a23ebbe
https://malshare.com/sample.php?action=detail&hash=90c2c10001134ab2a1cc87ec4382b197
x64dbg:
https://x64dbg.com/#start
PE-bear:
https://hshrzd.wordpress.com/pe-bear/
PyIATRebuild:
https://github.com/OALabs/PyIATRebuild
Unpacked (stage 1):
c3f43896913c17f91c0d95924ac426e89928b8eef93da7dc107a7a0891c7a860
https://malshare.com/sample.php?action=detail&hash=01e0cf87ee2e22ff40e648aa82409ce4
Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw
As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net
Video: Unpacking Emotet / Geodo (Stage 1) Using x64dbg - Subscriber Request, from the OALabs channel