OALabs | Unpacking Bokbot / IcedID Malware - Part 1 @OALABS | Uploaded 5 years ago | Updated 1 hour ago
We demonstrate how to unpack the first two stages of Bokbot / IcedID malware with x64dbg, PeBear, and IDA Pro. Expand for more...
-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU
OALABS PATREON
patreon.com/oalabs
OALABS TIP JAR
ko-fi.com/oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#
-----
Original sample:
0ca2971ffedf0704ac5a2b6584f462ce27bac60f17888557dc8cd414558b479e
cape.contextis.com/analysis/21237
Stage1 (packed UPX):
7f463bd55aa360032fbd6489b4e34455178a35254ff66c1cd98d0775437074b4
cape.contextis.com/analysis/21240
Stage2 (custom injector):
89a0325379e1e868b668955ed41ba0faa724845028bc961a0691f19e5213dedf
cape.contextis.com/analysis/21241
Talos blog post on Bokbot injection method:
blog.talosintelligence.com/2018/04/icedid-banking-trojan.html
Vitali Kremez analysis of IcedID:
vkremez.com/2018/09/lets-learn-deeper-dive-into.html
TUTORIAL - How to setup a FREE malware analysis VM
oalabs.openanalysis.net/2018/07/16/oalabs_malware_analysis_virtual_machine
Stay tuned for PART 2 ...
Feedback, questions, and suggestions are always welcome : )
Sergei twitter.com/herrcore
Sean twitter.com/seanmw
As always check out our tools, tutorials, and more content over at openanalysis.net
We demonstrate how to unpack the first two stages of Bokbot / IcedID malware with x64dbg, PeBear, and IDA Pro. Expand for more...
-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU
OALABS PATREON
patreon.com/oalabs
OALABS TIP JAR
ko-fi.com/oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#
-----
Original sample:
0ca2971ffedf0704ac5a2b6584f462ce27bac60f17888557dc8cd414558b479e
cape.contextis.com/analysis/21237
Stage1 (packed UPX):
7f463bd55aa360032fbd6489b4e34455178a35254ff66c1cd98d0775437074b4
cape.contextis.com/analysis/21240
Stage2 (custom injector):
89a0325379e1e868b668955ed41ba0faa724845028bc961a0691f19e5213dedf
cape.contextis.com/analysis/21241
Talos blog post on Bokbot injection method:
blog.talosintelligence.com/2018/04/icedid-banking-trojan.html
Vitali Kremez analysis of IcedID:
vkremez.com/2018/09/lets-learn-deeper-dive-into.html
TUTORIAL - How to setup a FREE malware analysis VM
oalabs.openanalysis.net/2018/07/16/oalabs_malware_analysis_virtual_machine
Stay tuned for PART 2 ...
Feedback, questions, and suggestions are always welcome : )
Sergei twitter.com/herrcore
Sean twitter.com/seanmw
As always check out our tools, tutorials, and more content over at openanalysis.net