EMOTET - Interactive Malware Analysis with ANY.RUN

  • Published 12 Dec 2024

COMMENTS • 57

  • @SuperChelseaSW6 5 years ago +2

    Hello sir. Did you use a virtual machine to visit the website? (any.run)

    • @HackeXPlorer 5 years ago +1

      No, this was directly from the workstation; also, it's a web browser window, so it's safe.

    • @SuperChelseaSW6 5 years ago

      @HackeXPlorer thanks

  • @khay9833 4 years ago +2

    Did you store the file on a virtual machine (VM) or was it on your host computer? I guess what I'm really asking is, did you do any of this on a VM? What would you recommend as the safest way to download and store a suspicious file before executing it within Any.Run?
    PS: Great content! You did a great job explaining :)

    • @HackeXPlorer 4 years ago +1

      Hi Kay, since the file was zipped and password protected I can keep the sample on my host computer; this way the virus guard would also not be able to delete my samples. So yes, in a corporate environment I would recommend using a VM, but at home the best thing would be to be careful not to open the file, and to use the above method to save samples.

  • @SuperChelseaSW6 5 years ago +1

    Hello sir. You decoded the Word document with base64. How about if it's encrypted or obfuscated, what do we do next?

    • @HackeXPlorer 5 years ago

      Check my video on deobfuscation; this is a common method of obfuscation in VBA macros. Also, you will get an idea of how to decode it.

  • @anishzaki 5 years ago +1

    Great & informative video! Can you do a video on MITRE ATT&CK framework?

    • @HackeXPlorer 5 years ago

      Sure Anish, thanks for the suggestion.

  • @ArtisticallyEligible 5 years ago

    Simply amazing. I love your content. Thanks

    • @HackeXPlorer 5 years ago +1

      Thank you for the feedback 👍

  • @harnishjariwala6846 4 years ago +1

    Awesome video... I learned new stuff... Thanks man... I wish you would upload some live attacks, which are more helpful for newcomers... :)

    • @HackeXPlorer 4 years ago +1

      Hey, thanks Harnish, and yeah, I'm setting up my lab environment these days for this type of video.

  • @amolbhasinge3731 5 years ago

    Very good information

  • @sagarajayathilaka 5 years ago +2

    Thanks 🙏

  • @satishkumar7359 4 years ago

    Simply superb 😍

  • @sulthansk6444 5 years ago

    Hi...
    Thanks for the video...

  • @SuperChelseaSW6 5 years ago +1

    Where can I download the sample.doc?

    • @HackeXPlorer 5 years ago

      Check the any.run link in the description; you can use the link to download the doc file, if the site is still up and running.

    • @HackeXPlorer 2 years ago

      github.com/HackeXPlorer/Channel-Resources

  • @muruga403 5 years ago

    Thanks, very useful

  • @akashh8583 3 years ago

    Nice Video

  • @greenloon797 1 year ago

    For educational and protection purposes

  • @bumsterz 4 years ago

    Hi, can you show us how conhost malware works on infected hosts/servers? Thanks

  • @Leokhawarizmi 3 years ago

    keep going man

  • @amolbhasinge3731 5 years ago

    One suggestion: please make a video on how to find malware which is running under a Windows context, like some malware runs under svchost.exe

    • @HackeXPlorer 5 years ago

      Hi Amol, this is a great topic, one that I have also faced many times. Thank you for the suggestion.

  • @hamidullahmuslih6301 4 years ago

    Great video bro, but mine did not decode the PowerShell command, same text, same website I used. It brings up binary-like output for me.

    • @HackeXPlorer 4 years ago +1

      You should be able to see the PowerShell code in the any.run execution window, unless the attacker is using a new (binary) exe payload.

    • @hamidullahmuslih6301 4 years ago

      @HackeXPlorer thanks for the fast reply. I got the base64 code (from the any.run link that you shared above); when I try to decode it via www.base64encode.org/ (the same website that you used), it does not give me the plain text output. It shows some unusual characters. Note: I am following your steps. I did not use any new EMOTET malware.

    • @hamidullahmuslih6301 4 years ago

      You can also try; it won't work. I just need the text output of that base64 PowerShell command. I can also rewrite it from your video, but I need to know why I cannot decode it.
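The decoding failure described in the thread above, where a generic web base64 decoder shows "unusual characters" instead of readable script, is the usual symptom of PowerShell's -EncodedCommand argument: that argument is the base64 of the script in UTF-16LE, so a decoder that treats the bytes as ASCII or UTF-8 shows a NUL byte after every character. The Python below is an added example, not code from the video, from ANY.RUN, or from any commenter. The command line and its base64 string are constructed for the demo (the string "ZABpAHIA" is the UTF-16LE encoding of "dir"). It pulls the encoded argument out of a command line, checks whether the decoded bytes look like UTF-16LE, and decodes them the way powershell.exe would; `naive_decode` reproduces what the web decoder shows.

```python
"""Decode a PowerShell -EncodedCommand payload as powershell.exe would.

Added example, not code from the video or from ANY.RUN.  The sample
command line is constructed: "ZABpAHIA" is the command "dir" in
UTF-16LE, base64-encoded.
"""
import base64
import re
from typing import Optional

# Constructed sample of a command line a maldoc macro might hand to powershell.exe.
SAMPLE_CMDLINE = "powershell -nop -w hidden -enc ZABpAHIA"

# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the common
# spellings (-e, -ec, -enc, -encoded, -encodedcommand) followed by a base64 token.
_ENC_RE = re.compile(
    r"-e(?:ncodedcommand|ncoded|nco|nc|c)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)


def extract_encoded_command(cmdline: str) -> Optional[str]:
    """Return the base64 argument following -e/-enc/-EncodedCommand, or None."""
    m = _ENC_RE.search(cmdline)
    return m.group(1) if m else None


def looks_utf16le(data: bytes) -> bool:
    """True when the high byte of every 16-bit code unit is zero, i.e. ASCII
    script text widened to UTF-16LE, which is what -EncodedCommand carries."""
    return len(data) >= 2 and len(data) % 2 == 0 and all(b == 0 for b in data[1::2])


def naive_decode(b64: str) -> str:
    """What a generic base64 web decoder shows: the raw bytes read one byte per
    character, so each letter is followed by a NUL and the output looks like junk."""
    return base64.b64decode(b64).decode("latin-1")


def decode_encoded_command(b64: str) -> str:
    """Base64-decode, then pick the text encoding powershell.exe would use."""
    raw = base64.b64decode(b64)
    if looks_utf16le(raw):
        return raw.decode("utf-16le")
    # Not UTF-16LE: the blob was probably base64 of UTF-8 that the script itself
    # unwraps with [Convert]::FromBase64String, so decode it that way instead.
    return raw.decode("utf-8", errors="replace")


def encode_command(command: str) -> str:
    """Produce the -EncodedCommand form of a command, for building test cases."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


if __name__ == "__main__":
    b64 = extract_encoded_command(SAMPLE_CMDLINE)
    print("web decoder shows :", repr(naive_decode(b64)))
    print("powershell runs   :", decode_encoded_command(b64))
```

The `looks_utf16le` check is a heuristic for ASCII-only script text; a script containing non-ASCII characters would fail it and fall through to the UTF-8 branch, so inspect the raw bytes yourself if the result still reads as garbage.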

  • @hamadyasser5929 4 years ago

    thumbs up 👍

  • @LeStupiak193 4 years ago

    Hi! Are you using the paid version?

    • @HackeXPlorer 4 years ago +1

      Hey, no, this is the free version; you can use it to visit malicious domains and to perform a quick analysis on malicious files.

    • @ProjectPoyo 4 years ago +1

      @HackeXPlorer but you have to create an account!

    • @HishanShouketh 4 years ago

      @ProjectPoyo yes, you can create a free account

    • @PhoenixSS 1 year ago +1

      @HishanShouketh it's business

  • @sayankumardey6826 3 years ago

    Please provide this malicious doc file for practice, thanks

    • @HackeXPlorer 3 years ago

      The analysis link is in the description; you can download the sample from there, as I show in the video.

    • @sayankumardey6826 3 years ago

      Sir, how do I download it? I can't get it. Please upload it to any cloud link and share.

    • @HackeXPlorer 2 years ago

      Get it from here github.com/HackeXPlorer/Channel-Resources

  • @chorusb2b5 5 months ago

    Sir, the sample link you have attached has four PDFs, I guess... I am afraid to click it, because any virus could be downloaded... Please tell me a clear way to download the sample without opening it.

    • @HackeXPlorer 4 months ago

      Use a virtual machine to open it

  • @carlosalbertosanchezgarcia3915 3 years ago

    The page is for carrying out attacks

  • @murphybrown32216 5 years ago +1

    Only 32-bit Windows is free, and no Mac

    • @HackeXPlorer 5 years ago

      Yeah Murphy, unfortunately this is a limitation of the free version of any.run. Planning to do a video on the Cuckoo sandbox in the future.

  • @devathipradeep4524 4 years ago

    MITRE ATT&CK framework explanation, please

    • @HackeXPlorer 4 years ago

      Sure, this is one of the areas that is booming and interesting as well.