Malware Analysis: Stealer - Mutex Check, Stackstrings, IDA (Part 1)
In this series I will be analysing a criminal infostealer, from the basics through to more advanced malware analysis concepts. Get a cup of tea and watch me slowly analyse malware :-)
No sample (Sorry!)
Sample:
- Build: June Build 1.1.6 (I think - the latest)
0:00:00 - Introduction
0:01:19 - Windows Defender malware analysis instructions for beginners
0:01:57 - The malware's advertisement text and images from the forum
0:09:01 - Static Analysis PE Studio
0:12:00 - In IDA Free with the packed sample
0:21:00 - In x32dbg with the packed sample
0:31:18 - Modifying the binary sample to obtain an unpacked executable
0:34:11 - Unpacked sample in IDA
0:37:16 - Identifying an interesting function
0:41:25 - String analysis in unpacked sample
0:46:43 - Back in IDA to the interesting function
0:50:47 - Analysing the unpacked sample in x32dbg
0:55:30 - Stack string identification in IDA
1:00:00 - Mutex analysis in x32dbg
1:03:30 - Process tokens analysis in x32dbg
1:10:00 - Debugger flow manipulation (zero flag modification)
1:14:09 - Next time
Further research from CyberArk: https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer
Trend Micro research: https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/
Video "Malware Analysis: Stealer - Mutex Check, Stackstrings, IDA (Part 1)" from the channel L!NK