02 - Performing Basic Triage Analysis and Unpacking with x64dbg

Published: 19 September 2024
on channel: Dr Josh Stroschein - The Cyber Yeti
911
44

Part 02 picks up by spending a little time performing basic triage analysis on the resulting ransomware binaries that we produced from the builder in part 01. I rarely skip this step as it often yields important insights into what you may be considering reversing. In this video, we'll use Detect-It-Easy to look at PE file characteristics and use entropy to identify signs of packing. We'll then compare the obfuscated and unobfuscated binaries together and even go through dumping the obfuscated version using x64dbg and scylla.

Join this channel to get access to perks:
   / @jstrosch  

🚨 WARNING! If you follow along by creating your own binaries, ensure you have a safe analysis environment. The builder produces the real Lockbit ransomware and can cause irreversible damage to your systems! 🚨

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j...
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻   / joshstroschein  
🌎 Follow me 👉🏻   / jstrosch  ,   / joshstroschein  
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com

1:01 What do the strings tell us?
3:40 Viewing strings in the obfuscated version
4:13 Using DIE to view imports
7:13 Analyzing the obfuscated version
9:35 Comparing versions with IDA Pro
14:35 Unpacking the obfuscated version with x64dbg


Watch video 02 - Performing Basic Triage Analysis and Unpacking with x64dbg online without registration, duration hours minute second in high quality. This video was added by user Dr Josh Stroschein - The Cyber Yeti 19 September 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 91 once and liked it 4 people.