Bypassing BlackMatter Anti-Debug With x64dbg [Patreon Unlocked]
- Added 4 Jan 2022
- In this tutorial we demonstrate how to bypass the anti-debug checks in BlackMatter ransomware with x64dbg.
-----
OALABS DISCORD
/ discord
OALABS PATREON
/ oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
www.unpac.me/#/
-----
BlackMatter sample:
malshare.com/sample.php?actio...
This is amazing... nice work. Thanks for sharing.
Excellent video. A tip for those who want to "automate" the skip so you don't have to change the IP every time.
Check the function out, and if it is just calling NtSetInformationThread or some other anti-debug code and it doesn't contain important malware code (which it usually doesn't, since it is an isolated anti-debug function), you can simply NOP the whole call and skip over that check every time you restart the exe/dll in the debugger.
Nice tip!
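The tip above (NOP the call to the isolated anti-debug function instead of moving EIP past it on every restart), as an added example that is not code from the OALABS video, from x64dbg, or from BlackMatter: a small Python patcher that finds every direct `E8 rel32` call to a given target address in a code blob and replaces it with five NOPs, leaving all other calls intact. The base address, the target addresses and the sample bytes are constructed for illustration; the only real constants are the `ThreadHideFromDebugger` class (0x11) and the current-thread pseudo-handle (-2) used in the sample's argument pushes.

```python
"""NOP out every direct call to an isolated anti-debug function in a code blob.

Added example for the tip above; not code from the OALABS video or from
x64dbg. The sample bytes below are constructed, not taken from BlackMatter.
Assumptions: x86/x64 code with the call encoded as E8 rel32 (5 bytes), and a
target address you already identified in the debugger (e.g. the wrapper
around NtSetInformationThread(..., ThreadHideFromDebugger, ...)).
Indirect calls (FF 15 disp32, 6 bytes) are not handled here.
"""
import struct
from typing import List, Tuple

CALL_REL32 = 0xE8
NOP = 0x90


def find_direct_calls(code: bytes, base: int, target: int) -> List[int]:
    """Offsets of every `E8 rel32` whose destination is `target`.

    `base` is the virtual address of code[0]. rel32 is signed and relative to
    the next instruction, so dest = base + off + 5 + rel32. The scan is linear
    (no disassembly), so it only reports bytes that both look like a call and
    resolve exactly to `target`; confirm each hit in the debugger before
    patching a real binary.
    """
    hits = []
    off = 0
    while off + 5 <= len(code):
        if code[off] == CALL_REL32:
            rel = struct.unpack_from("<i", code, off + 1)[0]
            if base + off + 5 + rel == target:
                hits.append(off)
                off += 5
                continue
        off += 1
    return hits


def nop_calls(code: bytes, base: int, target: int) -> Tuple[bytes, List[int]]:
    """Return (patched copy, offsets patched); each matching call -> 5 NOPs.

    Only do this when the callee is self-contained: if the code after the call
    uses its return value (EAX/RAX), or the callee is stdcall and cleans the
    pushed arguments with `ret N`, NOPing the call alone leaves wrong state
    behind and you must NOP the pushes (or the later `add esp`) as well.
    """
    patched = bytearray(code)
    offsets = find_direct_calls(code, base, target)
    for off in offsets:
        patched[off:off + 5] = bytes([NOP] * 5)
    return bytes(patched), offsets


# --- constructed sample (not BlackMatter bytes) ----------------------------
BASE = 0x401000        # assumed virtual address of SAMPLE[0]
ANTI_DEBUG = 0x401100  # assumed address of the isolated anti-debug wrapper
REAL_WORK = 0x401200   # assumed address of a call that must be kept


def encode_call(from_addr: int, to_addr: int) -> bytes:
    """Encode `call to_addr` as it would appear at from_addr."""
    return bytes([CALL_REL32]) + struct.pack("<i", to_addr - (from_addr + 5))


SAMPLE = (
    bytes.fromhex("55 8b ec")                   # push ebp ; mov ebp, esp
    + bytes.fromhex("6a 00 6a 00 6a 11 6a fe")  # push 0 ; push 0 ; push 11h (ThreadHideFromDebugger) ; push -2 (current thread)
    + encode_call(BASE + 0x0B, ANTI_DEBUG)      # call anti_debug   <- gets NOPed
    + encode_call(BASE + 0x10, REAL_WORK)       # call real_work    <- must survive
    + bytes.fromhex("c9 c3")                    # leave ; ret
)


if __name__ == "__main__":
    patched, offsets = nop_calls(SAMPLE, BASE, ANTI_DEBUG)
    for off in offsets:
        print(f"patched call at VA {BASE + off:#x}: "
              f"{SAMPLE[off:off + 5].hex()} -> {patched[off:off + 5].hex()}")
```

The offsets this returns are relative to the virtual address you pass as `base`, which is what x64dbg shows you. If you want the patch to live in the file on disk rather than in the debugged process, either apply the NOPs in x64dbg and use its patch-to-file feature, or translate the virtual address to a raw file offset through the PE section table first; writing at the virtual address directly into the file will corrupt the wrong bytes.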
Please, I want to learn software. How can you help me?
Amazing content! Please do more videos in the reverse engineering context! Thank you.
Brilliant as always!
Thank you for this good tutorial :)
I never thought about using graph view while using x64 lol
As always, your vids are the best.
Thanks! Sometimes it's very useful to see the control flow from another perspective.
Excellent video
Thanks for making these videos free, I love them! Have you considered making a video analyzing the ransomware as a whole? D:
That's actually next up ... we have been laying the groundwork with the last few tutorials ;)
@OALABS Patreon only, or are you going to make it public? :c
Live stream was recorded: czcams.com/video/0-pvdxtCwfE/video.html
@OALABS you are amazing!
Features! Love them all 🚩❤
What would be the approach when the exe reproduces itself and its threads (like in Process Explorer, where you can see the same process 6 times)?
That's a completely different topic ;) You may want to check out some of our process injection unpacking tutorials.
Thanks Teacher, have you considered writing a book about reversing?
No books, just live workshops and videos : )
Can this method remove the x63dbg (32bit) virus???
Almost the same trick, as Enigma does to detach from the debugger. However, if I remember correctly, Enigma uses ZwSetInformationThread instead
Hi please help me crack my software
Couldn't you have inserted a jump instead of the push 0?
May I ask you to make a video about Software Nanomites?)
No, lol
Hello, is there someone sleeping while you record? There is a background voice... like snoring... just saying.
Haha, that's my bulldog Boris. If you check out our streams on Twitch you will see he sleeps beside my desk and has his own doggo cam.
Where is the part II?
On our Patreon : ) www.patreon.com/posts/analyzing-anti-57443723
I think i want to marry this man