EMOTET - Interactive Malware Analysis with ANY.RUN
- Published: 10 Jun 2024
- In this video we analyse a sample of the EMOTET malware using the free online malware analysis tool ANY.RUN.
ANY.RUN is an interactive online sandbox: it runs a suspicious executable, or visits a suspicious website, inside a disposable virtual machine and records the resulting system-level (process, file, registry) and network-level activity. The creators offer a free version with a large set of the features available.
The video gives an overview of how to analyse malware with this tool and shows how much richer the information is compared with a manually built sandbox.
🌏Web Site
hackexplorer.net/
💾Sample files in the video
github.com/HackeXPlorer/Chann...
ANY.RUN online app
any.run/
ANY.RUN article about Emotet
any.run/malware-trends/emotet
ANY.RUN analysis link
app.any.run/tasks/298d69d4-cc...
#MalwareAnalysis #EMOTET #CyberSecurity
Hishan Shouketh 2019
For more security Tips, Techniques and Tools
Facebook
/ hackexplorer
Twitter
/ hack_explorer
Instagram
/ hackexplorer
Simply amazing. I love your content. Thanks.
Thank you for the feedback 👍
Awesome video... I learned new stuff... Thanks man... I wish you'd upload some live attacks, which would be more helpful for newcomers... :)
Hey, thanks Garnish, and yeah, I'm setting up my lab environment these days for this type of video.
Simply superb 😍
Thank you! Cheers! Satish.
Great & informative video! Can you do a video on MITRE ATT&CK framework?
Sure Anish, thanks for the suggestion.
Did you store the file on a virtual machine (VM) or was it on your host computer? I guess what I'm really asking is, did you do any of this on a VM? How would you recommend the safest way be to download and store a suspicious file before executing within Any.Run?
PS: Great content! You did a great job explaining :)
Hi Kay, since the file was zipped and password-protected I can keep the sample on my host computer; this way the virus guard would also not be able to delete my samples. So yes, in a corporate environment I would recommend using a VM, but at home the best thing would be to be careful not to open the file, and use the above method to save samples.
Hi...
Thanks for the video...
You are welcome, Sulthan.
Thanks, very useful.
Thank you for the feedback 👍
Very good information
You are welcome
Thanks 🙏
You are welcome Sagara 👍
keep going man
Thanks Leo
Nice Video
Thanks Akash
thumbs up 👍
Thank you 👍
Hello sir. You decoded the Word document with base64. What about if it's encrypted or obfuscated, what do we do next?
Check my video on de-obfuscation; this is a common method of obfuscation in VBA macros. It will also give you an idea of how to decode it.
Hello sir. Did you use a virtual machine to visit the website (any.run)?
No, this was directly from the workstation; also it's a web browser window, so it's safe.
@HackeXPlorer thanks
One suggestion: please make a video on how to find malware which runs under a Windows context, like some malware that runs under svchost.exe.
Hi Amol, this is a great topic, one that I have also faced many times. Thank you for the suggestion.
Hi, can you show us how conhost malware works on infected hosts/servers? Thanks.
Sure Rizal. Thank you.
For educational and protection purpose
Great video bro, but mine did not decode the PowerShell command; same text, same website I used. It gives me something like binary output.
You should be able to see the PowerShell code in the any.run execution window, unless the attacker is using a new (binary) exe payload.
@HackeXPlorer thanks for the fast reply. I got the base64 code (from the any.run link that you shared above); when I decode it via www.base64encode.org/ (same website that you used), it does not give me the plain-text output. It shows some unusual characters. Note: I am following your steps. I did not use any new EMOTET malware.
You can also try; it won't work. I just need the text output of that base64 PowerShell command. I can also rewrite it from your video, but I need to know why I cannot decode it.
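An added example, not from the video or from the commenters above, of one common reason a generic web base64 decoder shows "unusual characters" for a PowerShell command: powershell.exe's -EncodedCommand switch (also written -e or -enc) takes base64 of the UTF-16LE bytes of the script, so decoding it as plain ASCII/UTF-8 interleaves a NUL byte after every character. The command line and payload below are constructed for this example and are not the ones from the sample in the video; the script pulls the base64 argument out of a launch line, shows the naive decode, and decodes as UTF-16LE when the byte pattern says so, falling back to UTF-8 for payloads that were not UTF-16 encoded.

```python
import base64
import re
from typing import Optional

# Constructed sample (not the command from the video): the launch pattern
# Emotet maldocs commonly used, with a harmless payload so it is safe to run.
SAMPLE_CLEAR = 'Write-Host "decoded ok"'


def encode_for_powershell(script: str) -> str:
    """Build the value powershell.exe -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


SAMPLE_B64 = encode_for_powershell(SAMPLE_CLEAR)
SAMPLE_CMDLINE = f"powershell -nop -w hidden -e {SAMPLE_B64}"

# Common spellings of the switch: -e, -ec, -en, -enc, -EncodedCommand.
# Requires whitespace after the switch so -ep / -ExecutionPolicy do not match.
ENC_SWITCH = re.compile(
    r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)


def extract_encoded_command(cmdline: str) -> Optional[str]:
    """Pull the base64 argument out of a powershell command line, or None if absent."""
    m = ENC_SWITCH.search(cmdline)
    return m.group(1) if m else None


def naive_decode(b64: str) -> str:
    """What a generic web base64 decoder does: treat every byte as one character.

    For a UTF-16LE payload this yields the script text with a NUL after each
    character, which renders as garbage or 'unusual characters' in a browser.
    """
    return base64.b64decode(b64).decode("latin-1")


def looks_utf16le(raw: bytes) -> bool:
    """ASCII text stored as UTF-16LE has a NUL byte in every odd position."""
    return len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])


def decode_encoded_command(b64: str) -> str:
    """Decode as UTF-16LE when the byte pattern says so, otherwise as UTF-8."""
    raw = base64.b64decode(b64)
    if looks_utf16le(raw):
        return raw.decode("utf-16-le")
    return raw.decode("utf-8", errors="replace")


if __name__ == "__main__":
    b64 = extract_encoded_command(SAMPLE_CMDLINE)
    print("naive decode :", repr(naive_decode(b64)))
    print("UTF-16LE     :", decode_encoded_command(b64))
```

On a real sample, paste the command line recorded by the sandbox into `extract_encoded_command`; if the UTF-16LE decode still looks wrong, the payload was probably compressed (Gzip/Deflate) or wrapped in a second layer of base64 before being launched, which is a separate decoding step.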
Where can I download the sample.doc?
Check the any.run link in the description; you can use it to download the doc file, if the site is still up and running.
github.com/HackeXPlorer/Channel-Resources
Hi! Are you using the paid version?
Hey, no, this is the free version; you can use it to visit malicious domains and to perform a quick analysis on malicious files.
@HackeXPlorer but you have to create an account!
@ProjectPoyo yes, you can create a free account.
@HishanShouketh it business
Please provide this malicious doc file for practice, thanks.
The analysis link is in the description; you can download the sample from there, as I show in the video.
Sir, how to download? I can't get it. Please upload it to a cloud link and share.
Get it from here: github.com/HackeXPlorer/Channel-Resources
The page is for carrying out attacks.
MITRE ATT&CK framework explanation please.
Sure, this is one of the areas that is booming and interesting as well.
Only 32-bit Windows is free, and no Mac.
Yeah Murphy, unfortunately this is a limitation of the free version of any.run. Planning to do a video on the Cuckoo sandbox in the future.