Hello sir. Did you use a virtual machine to visit the website? (any.run)
No, this was directly from the workstation; also it's a web browser window, so it's safe.
@HackeXPlorer thanks
Did you store the file on a virtual machine (VM) or was it on your host computer? I guess what I'm really asking is, did you do any of this on a VM? What would you recommend as the safest way to download and store a suspicious file before executing it within Any.Run?
PS: Great content! You did a great job explaining :)
Hi Kay, since the file was zipped and password protected I can keep the sample on my host computer; this way the virus guard would also not be able to delete my samples. So yes, in a corporate environment I would recommend using a VM, but at home the best thing would be to be careful not to open the file, and use the above method to save samples.
Hello sir. You decoded the Word document with base64. How about if it's encrypted or obfuscated, what do we do next?
Check my video on de-obfuscation; this is a common method of obfuscation in VBA macros. Also you will get an idea of how to decode.
Great & informative video! Can you do a video on MITRE ATT&CK framework?
Sure Anish, thanks for the suggestion.
Simply amazing. I love your content. Thanks.
Thank you for the feedback 👍
Awesome video... I learned new stuff... Thanks man... I wish you would upload some live attacks, which would be more helpful for newcomers... :)
Hey thanks Garnish, and yeah, setting up my lab environment these days for this type of video.
Very good information
You are welcome
Thanks 🙏
You are welcome Sagara 👍
Simply superb 😍
Thank you! Cheers! Satish.
Hi...
Thanks for the video...
You are welcome Sulthan
Where can I download the sample.doc?
Check the any.run link in the description; you can use the link to download the doc file, if the site is still up and running.
github.com/HackeXPlorer/Channel-Resources
Thanks, very useful.
Thank you for the feedback 👍
Nice Video
Thanks Akash
For educational and protection purposes
Hi, can you show us how conhost malware works on infected hosts/servers? Thanks
Sure Rizal.. Thank you
Keep going man
Thanks Leo
One suggestion: please make a video on how to find malware which is running under a Windows context, like some malware runs under svchost.exe.
Hi Amol, this is a great topic, one that I have also faced many times. Thank you for the suggestion.
Great video bro, but mine did not decode the PowerShell command, same text, same website I used. It gives me something like binary output.
You should be able to see the PowerShell code in the any.run execution window, unless the attacker is using a new (binary) exe payload.
@HackeXPlorer thanks for the fast reply. I got the base64 code (from the any.run link that you shared above); when I decode it via www.base64encode.org/ (same website that you have used), it does not give me the plain text output. It shows some unusual characters. Note: I am following your steps. I did not use any new EMOTET malware.
You can also try; it won't work. I just need the text output of that base64 PowerShell command. I can also rewrite it from your video, but I need to know why I cannot decode it.
Thumbs up 👍
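Added example, not from the video or its author: a common reason a web base64 decoder shows "unusual characters" for a `powershell -enc` payload is that PowerShell's -EncodedCommand is base64 over UTF-16LE text, so a naive decode yields a NUL byte after every ASCII character. The decoder below checks for that pattern and falls back to UTF-8; the sample command and function names are constructed for illustration, and it is an assumption that this is what happened in the commenter's case.

```python
import base64
import re

# Constructed sample (not the Emotet payload from the video): PowerShell's
# -EncodedCommand expects base64 of UTF-16LE text, so decoding it as plain
# bytes shows a 0x00 after every ASCII character in a web decoder.
SAMPLE_COMMAND = "Write-Output 'decoded for analysis'"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_COMMAND.encode("utf-16le")).decode("ascii")


def looks_utf16le(raw: bytes) -> bool:
    """Heuristic: ASCII text encoded as UTF-16LE has a NUL at every odd offset."""
    if len(raw) < 2 or len(raw) % 2:
        return False
    odd_bytes = raw[1::2]
    return odd_bytes.count(0) >= len(odd_bytes) * 0.9


def decode_encoded_command(b64: str) -> tuple[str, str]:
    """Return (encoding_used, text) for a base64 blob copied from a
    'powershell -enc ...' command line seen in a sandbox process tree.
    Falls back to UTF-8 when the payload is not UTF-16LE (e.g. an attacker
    base64-encoded a plain ASCII script instead)."""
    # Tolerate whitespace or line breaks introduced by copy-paste from the sandbox view
    cleaned = re.sub(r"\s+", "", b64)
    raw = base64.b64decode(cleaned)
    if looks_utf16le(raw):
        return "utf-16le", raw.decode("utf-16le")
    return "utf-8", raw.decode("utf-8", errors="replace")


if __name__ == "__main__":
    encoding, text = decode_encoded_command(SAMPLE_ENCODED)
    print(f"[{encoding}] {text}")
```

Pasting the UTF-16LE blob into a decoder that assumes UTF-8 is exactly what produces the "binary-looking" output described in the thread; the heuristic above lets an analyst recover the script text without guessing.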
Thank you 👍
Hi! Are you using the paid version?
Hey, no, this is the free version; you can use it to visit malicious domains and to perform a quick analysis on malicious files.
@HackeXPlorer but you have to create an account!
@ProjectPoyo yes, you can create a free account
@HishanShouketh it business
Please provide this malicious doc file for practice, thanks
The analysis link is in the description; you can download the sample from there, as I show in the video.
Sir, how to download? Can't get it. Please upload it to any cloud link and share.
Get it from here github.com/HackeXPlorer/Channel-Resources
Sir, the sample link you have attached has four PDFs I guess... I am afraid to click it.... coz any virus could have been downloaded.... Please tell a clear way to download the sample without opening it.
Use a virtual machine to open it
The page is for carrying out attacks.
Only 32-bit Windows is free, and no Mac.
Yeah Murphy, unfortunately this is a limitation of the free version of any.run. Planning to do a video on the Cuckoo sandbox in the future.
MITRE ATT&CK framework explanation please
Sure, this is one of the areas that is booming and interesting as well.