here's the thing so I kind of "accidentally" downloaded it so I could just try and learn some coding and one of my protection services saw it had ransomware.agent right now it's contained but I don't know how to get rid of it completely. It's like a file that downloads over after deleting it
This style of video really helps me with my start in forensics and malware analysis. I love liveoverflow and other CTF summary channels but they often feel like magic in the way they present their findings. Keep up the great work :3
@@garethevans9789 Pentesting tools are released open source because not only is open source more effective, but it makes sure that the developers are not potentially profiting off of malicious actors, intentionally or not.
I love how they went through six stages of obsfuscation, and a lot of effort into hiding what they were doing.... but their payload was literally called "Attack.jpg" like surely they could have named it something at least slightly less blatant.
Perhaps they didn't care to hide it at that point? I know that obfuscation helps to counter analysts, but when the code is downloading data from a URL, then I suppose it wouldn't've been worth their effort to obscure the name of the download. Then again, they could've made a second download with totally unnecessary data. Either way - this thing is bad (for you)! xD
But then he would have been on 8-12 screens and typed those 200k characters (hacking is typing fast), it's all hard to follow. It would be like watching the Matrix.
I'm just finding this channel and its quickly becoming my favorite content. Im fascinated with all of this. Really inspires me to get started with basic coding to get my feet wet.
Whatever that quality is that great teachers have, you have it. Never change the format of your videos. I love seeing you troubleshoot and reason through everything live.
the evolving of rat is so amazing, i remember in late 90's where sub7, netbus and back orifice was so popular and inspired me into hacking. IRC was the channel to go to before and dial up is your connection.
Where have you been all my CS degree? This is awesome watching this stuff in action as you do it. I love the content! Definitely going to keep watching!
I've taken apart stuff like this (when I worked in large enterprise) but the samples were rarely more than 3-4 levels deep. This actually looks a lot more like a challenge you'd get at a CTF competition _(perhaps they're getting ideas from each other)_ ?
Dude you are simply awesome...it's so enriching for all of your viewers to see your hard work and all your skills, and the best of all is that we can see you enjoying so we enjoy and learn too. Regards from Spain!
Great video, I love this series. Also special thanks for zooming in this much, watching code-related stuff on phone is usually a pain, but not in your case. Keep up the good work!
John, as you are very good, you should stand this comment: In Powershell a "split (..)" is a regular expression splitten in string in portione of two characters, ie "4142" becomes "41", "42", in Hex AB
I was watching some scam baiting videos and also doing some deep dives into RATs and just... CyberSec/CompSci things in general and found this video. I'm glad I bumped into your channel. Really good stuff you have going on here
Damn, I just watched over an hour of stuff I have no clue of and I still feel educated and entertained. It even kinda makes sense, when you talk about it and explain some stuff. Thank you very much! :)
I love these malware analysis videos. You break stuff down to a fairly easy to understand level for most technical people. I'm just getting into cyber security and I'm really enjoying your content, thank you.
59:06 love how scrolls past when looking at string in the executable "Offline Keylogger Started" "Online Keylogger Started" "Online Keylogger Stopped" "Offline Keylogger Stopped" Yes John sees the key strokes and is like, "is this doing keylogging?"
As a prospective sw engineer, at ~54:00 that obfuscated spaghetti mess made me never want to be a malware analyst 🤣😂🤣 glad to have people with your mettle in this world
This is crazy. I've learned more about malwares in a few vids I saw from you, than the time I spent trying to get into the field years ago. I'm a fulltime dev now and have been working for over 7 years. Reminds me of my recent grad days where all I wanted was to understand this. Much easier to follow now, and damn, learning so much so quick now. Props to you.
You make easy to understand videos as you break things down. i really enjoy them. I have a vague understanding of coding and the way you work is easy to follow.
I never write a comment under a video but I saw every single second and I really really loved it. Thanks for your video and keep doing it sharing your passion with us!
Wow, that was awesome video. It is so nice to see you go through all the steps and thinking while deobfuscing. This RAT is kind of really scary for everything it can do. I would like to see more of this in the future! Keep up the good work
Totally enjoyed the video. It was an absolute rollercoaster ride. I love the way you present and explain the details in all your videos. And also none of your videos ever seem to be monotonous even when we are dealing with such mind boggling stuff because of the way you laugh and get excited when you crack/deobfuscate a piece of code. 😁 Thank you so much for taking the effort and sharing the awesome work😊
Been programming for a long time, but never really looked much into viruses and malware. Cool analysis. The authors sure work hard to make their installation as painless as possible.
Dude... That was solid. Loved it. Kinda dragged in the middle but I was invested enough I just jumped ahead maybe ten minutes before I was stuck back in. Nice nice so nice I had to say it twice, then one more time too.
Absolutely brilliant! I've discovered your channel yesterday and I can't stop watching. This stuff makes me want to give it a shot as well. Never knew that deconstructing programs/scripts (especially ones with malicious intent) could be this much fun! Subbed+bell.
You can also Ctrl+Scroll Wheel to zoom into notepad Edit: I watched the whole thing and I really had fun, really interesting and high quality Your circlular camera mask and your energy break reminded me of networkchuck and his coffee break xD You got a new subscriber :)
I'm learning to program in college rn and I just ran across your channel and my God man the length people go to, to scoot around anti-virus software and download shit on your computer is insane. Although seeing how all these functions are working together is awesome! Keep up the good work!!!👍
I work as a network technician/general IT person and a few weeks ago I found a Remcos Rat on a clients computer and the only reason I knew where to look and what it was is because of this video. Genuinely got to use this in real life. Obviously I didn't deobfucate it at all, but I knew to look in appdata roaming and it was honestly really fun. Kind of wish I got to deal with malware more often, but other wise I love my job too much to leave
John Amazing teaching methods so clear and precise i was able to follow you all the way to the end. Your amazing man, I was looking fr the next new thing to get into its malware analysis. please show me more i might be a natural at this
goodness gracious here's the kicker you can learn more cybersecurity at jh.live/training and check out jh.live/newsletter :)
here's the thing so I kind of "accidentally" downloaded it so I could just try and learn some coding and one of my protection services saw it had ransomware.agent right now it's contained but I don't know how to get rid of it completely. It's like a file that downloads over after deleting it
"This is just 75 lines of code"
*Half hour later*
"201 thousand characters selected"
that's how they get you man, that's how they get you.
@@AlucardNoir AND YOU BUT GUESS WHO NOT?! ME AND JOHN
Majorly loaded by a fake jpg ;)
@@geist453 l
@@bansku570 I
Ngl, never thought it would be so much fun watching someone analyse and breakdown a virus.
I was thinking the same thing! I might have just discovered my new rabbit hole lol
Love this malware analysis series!
Me too! Amazing series
I love it too!
me too, this guy is really good.
Sir. Can I use remcos rat to hack Android...
Times must be hard, Ed Sheeran is writing python.
Lmaooo💀💀
he looks like an unscuffed burgerplanet
This is ed sheerhan and Seth rogans kid.
You are the hacker version of pewdiepie. Very entertaining to watch.
Nah he looks like a de deobfuscated Ed Sheeran
Damn that was fun to watch!! Thanks and keep them coming!!!!!!
This style of video really helps me with my start in forensics and malware analysis. I love liveoverflow and other CTF summary channels but they often feel like magic in the way they present their findings. Keep up the great work :3
The REMCOS developer "discourages malicious use". For sure, everyone will use solely for legitimate purposes.
'sure if you say so' meanwhile no one uses it legitimately
Malicious actors: amma head out
Ethical hackers don't sell hacking toolkits, ethics and all that... 🤷♂️
@@garethevans9789 Pentesting tools are released open source because not only is open source more effective, but it makes sure that the developers are not potentially profiting off of malicious actors, intentionally or not.
Meh, skids are gonna find a way anyway. With our without this program.
So far this is the most fun I've had watching hacking videos. Your analysis is fantastic and I enjoy seeing your process. Keep it up!
I love how they went through six stages of obsfuscation, and a lot of effort into hiding what they were doing.... but their payload was literally called "Attack.jpg" like surely they could have named it something at least slightly less blatant.
Perhaps they didn't care to hide it at that point? I know that obfuscation helps to counter analysts, but when the code is downloading data from a URL, then I suppose it wouldn't've been worth their effort to obscure the name of the download. Then again, they could've made a second download with totally unnecessary data. Either way - this thing is bad (for you)! xD
I love when John is laughing over the Attack.jpg url
best part
Content like this is why I don't have to pay for cable, satellite, or netflix!
But then he would have been on 8-12 screens and typed those 200k characters (hacking is typing fast), it's all hard to follow. It would be like watching the Matrix.
Yeah
Okay, but consider this: TOS and TNG are on Netflix.
I'm just finding this channel and its quickly becoming my favorite content. Im fascinated with all of this. Really inspires me to get started with basic coding to get my feet wet.
Whatever that quality is that great teachers have, you have it. Never change the format of your videos. I love seeing you troubleshoot and reason through everything live.
After watching this, gained a keen interest in Malware Analysis. Thanks for the awesome content.
Scheduling this to start at the same time as the new mars rover is landing... Bold move cotton, let's see how it works out
Bah, totally didn't even realize xD Ah well!
@@_JohnHammond I’d prefer watching this over some rover landing
@Richard Vaughn isn’t the rover automatically controlled because the delay would be 10 minutes long?
the evolving of rat is so amazing, i remember in late 90's where sub7, netbus and back orifice was so popular and inspired me into hacking. IRC was the channel to go to before and dial up is your connection.
Pretty sure you need to run the obfuscated version of the AMSI bypass.
Great video, would love to see more of these!
This is one of the best educational videos i've seen
Where have you been all my CS degree? This is awesome watching this stuff in action as you do it. I love the content! Definitely going to keep watching!
Amazing work, you deserve the money from the RUclips overlords. Literally only commented to help boost those algos.
I've taken apart stuff like this (when I worked in large enterprise) but the samples were rarely more than 3-4 levels deep. This actually looks a lot more like a challenge you'd get at a CTF competition _(perhaps they're getting ideas from each other)_ ?
Dude you are simply awesome...it's so enriching for all of your viewers to see your hard work and all your skills, and the best of all is that we can see you enjoying so we enjoy and learn too. Regards from Spain!
Great video, I love this series. Also special thanks for zooming in this much, watching code-related stuff on phone is usually a pain, but not in your case. Keep up the good work!
I love John’s response when the light bulb goes off and all the hard work comes together. Great video as always.
You need I high level of nerdiness to find this entertaining. Proof: I find highly entertaining!
Love this.
John, as you are very good, you should stand this comment: In Powershell a "split (..)" is a regular expression splitten in string in portione of two characters, ie "4142" becomes "41", "42", in Hex AB
i missed the premiere, but this is definitely a blast to watch. Would love to see this more
Loving this series. Would like to see some disassembling malware analysis.
I was watching some scam baiting videos and also doing some deep dives into RATs and just... CyberSec/CompSci things in general and found this video. I'm glad I bumped into your channel. Really good stuff you have going on here
Hands down one of the best malware analysis walkthroughs I’ve seen. Watched it twice.
that url has to be the greatest thing ive ever seen
That was epic dude!
Felt like a real rollercoaster. I can't believe you got to them within 24 hours of release.
So nuts.
Nobody:
Virus Code: * Does malicious stuff*
John: Is it trying to do something bad? HAHAHA
Us: Duhhh John. wtf
Damn, I just watched over an hour of stuff I have no clue of and I still feel educated and entertained.
It even kinda makes sense, when you talk about it and explain some stuff.
Thank you very much! :)
Well worth the watch. This is a great video. Please do more. :)
how do you copy and paste into VirtualBox in Windows 10
you got my sub for this. its 3am in the morning and I've watched the entire thing having so much fun. keep on with the good stuff
What a great catch! This is by far the most interesting video I've watched on RUclips for a very long time. I love this of unedited video.
I love these malware analysis videos. You break stuff down to a fairly easy to understand level for most technical people.
I'm just getting into cyber security and I'm really enjoying your content, thank you.
Man i'm brazillian, and i love all of this videos, but this... mannn to amazing !! Continue delivery this content to us, i apreciate this
this is gonna be good
Indeed Indeed :D
Wow, that was a crazy ride! Thanks for taking us on the journey.
In the next episode... John rewrites the kernel for more efficient find and replace..... STONKS!
This was fabulous! I hope to see more!
Algorithm, give this man the recs.
It worked. That's why I'm here.
Did i just watch AN HOUR of malware analysis? Dude, you're awesome!
This was so fun to watch. The sketchy url was very funny, fitting pun on with the ‘holy cow’
"Can I get anything out of Melons?"
You can get juice, John. Juice.
59:06 love how scrolls past when looking at string in the executable "Offline Keylogger Started" "Online Keylogger Started" "Online Keylogger Stopped" "Offline Keylogger Stopped"
Yes John sees the key strokes and is like, "is this doing keylogging?"
I binge your videos every day all day at work. Gets me through the day and I learn some new/cool stuff.
Please more Malware Analysis videos. So much fun to watch.
Dope analysis! The streets need this type of content. Keep it coming.
As a prospective sw engineer, at ~54:00 that obfuscated spaghetti mess made me never want to be a malware analyst 🤣😂🤣 glad to have people with your mettle in this world
That was a great video. I don't know a whole lot about what you do, but it was super fun watching you do it. Thanks so much!
This is crazy. I've learned more about malwares in a few vids I saw from you, than the time I spent trying to get into the field years ago. I'm a fulltime dev now and have been working for over 7 years. Reminds me of my recent grad days where all I wanted was to understand this. Much easier to follow now, and damn, learning so much so quick now. Props to you.
Really interesting video, thanks !! I'm impressed at the obfuscation job done on this malware it's impressive
"guys, you might think i'm dumb" LOL exact opposite.
You make easy to understand videos as you break things down. i really enjoy them.
I have a vague understanding of coding and the way you work is easy to follow.
You know so much about so many things... I've learned so many things in the few videos I've watched so far. Super, super inspiring.
Brilliant. You make malware reversing so fun to watch.
John - This is great content. I really am learning a lot watching you work these out. Keep it up! The masses demand more of this!
From beginner hand-holding on picoCTF to obfuscating obfuscated obfuscation LOL. This channel has it all, thanks for the great content!
I never write a comment under a video but I saw every single second and I really really loved it. Thanks for your video and keep doing it sharing your passion with us!
Keep on doing those Malware Analysis. It's really fun to watch and it's quite educative too!
Wow, that was awesome video. It is so nice to see you go through all the steps and thinking while deobfuscing. This RAT is kind of really scary for everything it can do. I would like to see more of this in the future! Keep up the good work
Man I love these videos. As a junior network tech I love watching this, so interesting and entertaining!
The guy that wrote the script watching this video rn must be like 👁️👄👁️
This was actually fun to watch and go on this journey with you! Loving these videos
That's a rabbit hole if I've ever seen one haha great stuff man!
If only it (the rabbit holes) were rare. 😥
Follow the white rabbit!
Totally enjoyed the video. It was an absolute rollercoaster ride. I love the way you present and explain the details in all your videos. And also none of your videos ever seem to be monotonous even when we are dealing with such mind boggling stuff because of the way you laugh and get excited when you crack/deobfuscate a piece of code. 😁 Thank you so much for taking the effort and sharing the awesome work😊
Been programming for a long time, but never really looked much into viruses and malware. Cool analysis. The authors sure work hard to make their installation as painless as possible.
"is this the newest version? because that would be pretty slick"
*immediately scrolls past the version number 3.1.0 showing it is the latest version*
I love that you used strings and am glad I'm not the only one who does. :-) It's a highly under-rated tool, IMHO.
Dude... That was solid. Loved it. Kinda dragged in the middle but I was invested enough I just jumped ahead maybe ten minutes before I was stuck back in. Nice nice so nice I had to say it twice, then one more time too.
Awesome work buddy !!! watching your videos while at work coding my self ... thanks for the vids
Watched the whole thing from start to finish - loved it! Make more!
I love your videos which are not preplanned... It gives us an option for us to know how you actually resolves when you are stuck....
Absolutely brilliant! I've discovered your channel yesterday and I can't stop watching. This stuff makes me want to give it a shot as well. Never knew that deconstructing programs/scripts (especially ones with malicious intent) could be this much fun! Subbed+bell.
Your knowledge is very impressive! Love learning from guys like you!
Always learn something new watching your content!
Nice. I really impressed at final "detective" processing :) Keep it that way
Really fun to watch ! Looking forward to see more !
Pls keep up the malware analysis videos! Its so fun to watch!
This series of decoding Malware is the best knowledge base for getting a feel for noobs like me. Please keep it coming. Thank you.
every single line "I don't exactly know what is going on here" so basically this guy is just us trying to understand code. got it.
Just for the RUclips algorithm to know, I love malware analysis series! keep them coming!!!!!!
Yes keep these coming, really enjoyed that video!!
these videos are underrated hidden gems.
i swear why didnt i get them in my reccomended earlier.
You can also Ctrl+Scroll Wheel to zoom into notepad
Edit: I watched the whole thing and I really had fun, really interesting and high quality
Your circlular camera mask and your energy break reminded me of networkchuck and his coffee break xD
You got a new subscriber :)
I knew exactly what it was a few minutes of you scrolling few the strings!!! I feel proud! And thank you for making this video, I learned a lot.
that was wild. these new malware videos are great. thanks John!
I'm learning to program in college rn and I just ran across your channel and my God man the length people go to, to scoot around anti-virus software and download shit on your computer is insane.
Although seeing how all these functions are working together is awesome!
Keep up the good work!!!👍
Fantastically enjoyable to watch you solve problems as always . Thanks John
I work as a network technician/general IT person and a few weeks ago I found a Remcos Rat on a clients computer and the only reason I knew where to look and what it was is because of this video. Genuinely got to use this in real life. Obviously I didn't deobfucate it at all, but I knew to look in appdata roaming and it was honestly really fun. Kind of wish I got to deal with malware more often, but other wise I love my job too much to leave
This was extremely enjoyable! Keep it up!
Did anyone told that to you, you're an genius buddy....
i even can't get off my eyes on this series.... amazing
John Amazing teaching methods so clear and precise i was able to follow you all the way to the end. Your amazing man, I was looking fr the next new thing to get into its malware analysis. please show me more i might be a natural at this
Totally epic stuff!. I am not even into coding and or info sec. Just stumbled upon this video and couldn't stop watching!
Now this is quality content. I was always wondering how these viruses work, man this is interesting!
John, great interview in the Infosec OSINT podcast!