Unpacking GlobeImposter Ransomware With x32dbg
Open Analysis Live! In this tutorial we unpack a new version of GlobeImposter ransomware using the x32dbg / x64dbg debugger.
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
OALABS TIP JAR
https://ko-fi.com/oalabs
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
Original packed sample:
https://malshare.com/sample.php?action=detail&hash=612974dcb49adef982d9ad8d9cbdde36
Malware Traffic Analysis sample:
http://www.malware-traffic-analysis.net/2017/11/30/index.html
The x64dbg debugger:
https://x64dbg.com/#start
The unpacked sample:
https://malshare.com/sample.php?action=detail&hash=5a5e32203cf8eee1b7e9125b1c97ed94
OAPivot, the Chrome plugin for IOC searching:
https://chrome.google.com/webstore/detail/oapivot/nenjokibennmmllmdbifnmmgipppnfbm
Great blog on unpacking an earlier version of GlobeImposter:
http://www.vkremez.com/2017/08/lets-learn-how-to-unpack-globeimposter.html
Video explaining some anti-debugging tricks:
https://youtu.be/WlE8abc8V-4
Anti-debugging cheat sheet (PDF):
http://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf
*Special hat-tip to Alex for recommending x64dbg and showing me some tricks: https://twitter.com/nullandnull
Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw
As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
Video "Unpacking GlobeImposter Ransomware With x32dbg" from the OALabs channel