Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the KevinTheHermit project.
-----
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
Packed sample (download the zip file):
Sha256: fa9ad80c0977cdbfe8419d27ca9ad909d34f1737df726f4d175f6b85b0670074
http://www.malware-traffic-analysis.n...
Unpacked Stage 2:
Sha256: 5609b3f916346146771b721ee20f7679ce87b7fc4b6a18bf6adf7201b98c5e22
https://malshare.com/sample.php?actio...
Unpacked Stage 3 (Trickbot payload):
Sha256: 54dd37adfb6917060392a89b539b8402c7166f452cd5534df6ea9df607908181
https://malshare.com/sample.php?actio...
Kevin the hermit config extractors:
https://github.com/kevthehermit/RATDe...
Modified standalone version of TrickBot extractor:
https://gist.github.com/herrcore/35ad...
Sysopfb github (more malware analysis scripts):
https://github.com/sysopfb
x64dbg:
https://x64dbg.com/#start
More TrickBot samples to practice unpacking:
http://www.malware-traffic-analysis.n...
http://www.malware-traffic-analysis.n...
http://www.malware-traffic-analysis.n...
http://www.malware-traffic-analysis.n...
Tutorial on self-injection unpacking:
• Unpacking Princess Locker and Fixing ...
Feedback, questions, and suggestions are always welcome : )
Sergei / herrcore
Sean / seanmw
As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
Video: Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python. Added by OALabs on 20 June 2018; viewed 19,777 times on this site and liked by 451 people.