Is OfficeMalScanner in the FlareVM in your other video?
You can find a full list of tools that are in the FlareVM here. OfficeMalScanner is part of them ;) www.fireeye.com/blog/threat-research/2018/11/flare-vm-update.html
I'm sorry, but how do you have the option to run in a sandbox? And you are doing this in a VM, right?
The sandbox is a program called SandBoxie. It is free to download and it will give you the option to run something in a sandbox. Everything in the video is done in a VM. Hope this helps :)
@@RingZeroLabs Thanks for the answer. Sorry, but can I ask one more question?
@@akai_0x43 Of course. Ask away.
@@RingZeroLabs I have a sample; RDG detected it as packed with Themida/WinLicense 2.x. So, basically, I want to monitor it first, because I don't have a solution for unpacking the sample. But FakeNet and Wireshark don't see it touch any C&C when I try executing the sample. Do you have a solution for me? I know that when it's packed with Themida I don't monitor any process, but I can monitor the network, right?
@@akai_0x43 It depends what it is, but most malware will run in a sandbox, and products like SandBoxie can monitor dropped files, network traffic, persistence, registry changes, etc. Some malware won't run or perform any "malicious" activity if it detects analysis tools or if it detects it is inside a VM. Other malware samples simply install themselves onto the system and wait for an unknown amount of time before they perform any of their activities. There are ways to unpack some Themida, but I would suggest running it in a simple sandbox like SandBoxie and seeing what happens. If it doesn't run, maybe try running it in a VM with no analysis tools. It's kinda hard to know without dynamically analyzing the sample to observe activity and then RE'ing the unpacking process and dumping out the unpacked files from memory. Long answer, but there are a lot of possibilities.
Sometimes it is so small that I can't see it. I would like to learn. Thank you anyway.
Yeah, sorry, the default font in Microsoft's VBA Editor is very small and I didn't increase it :( Good luck in your learning journey.
Thanks for sharing. Going to need to play more with CyberChef (Mickyj Whitehat)
Thanks for uploading... great..
Thanks for the view :)