Fortnite RAT: How to tell if an Application is Malware

  • Added 19 Nov 2023
  • I'm often asked how to tell if an application or exe is malware. Here is an example of a fortnite RAT analyzed in a sandbox to demonstrate as a tutorial the kind of indicators that can give away malicious behavior. Try Any.Run for free: any.run/?u... (sponsor)
    Get the pro version: any.run/demo/?...
    Buy the best antivirus: thepcsecuritychannel.com/best...
    Join the discussion on Discord: discord.tpsc.tech/
    Get your business endpoints tested by us: tpsc.tech/
    Contact us for business: thepcsecuritychannel.com/contact
  • Science & Technology

Comments • 269

  • @Daxter250 7 months ago +84

    sadly this website only allows for 16 mb for free users and the rest are extremely expensive for normal private users (more than 100 bucks per month). 64 bit versions are only available for paying customers.
    nice idea but sry, its way too expensive for the typical app user.

  • @nemtudom5074 7 months ago +134

    4:50 1400 dollars a year is a bit far from 'pretty reasonable'

    • @VaultCord 6 months ago +2

      hatching triage works well and it doesn't cost anything and they give you Win10

    • @planetfixer 6 months ago +2

      oh shti dude youre right it is expensive. hey guy with no credentials, expertise, or intent to purchase the product at all, what do YOU think a reasonable price should be? i'll get in touch with my contacts and we can rectify the issue.

    • @SafetyKitten 6 months ago

      @@planetfixer couldnt have said it better myself. hopefully one of the teams can get in contact with this new age genius

    • @masterTigress96 5 months ago

      Not for professionals or enterprises. For your average joe running a homelab it is, but for bigger corporations this is a life saver and very reasonably priced.
      If you're into malware analysis on a professional level be reminded: as an example, just your average enterprise grade firewall will run you $30,000 just to buy it, and then thousands of dollars extra per year for a license to do traffic inspection and all that sort of jazz.
      Then take into consideration that you need a 3-2-1 setup for security and backup practices, so you need at least 2 of these expensive firewalls in 2 DC's, each with their own license that is thousands of dollars.
      On top of that the price for a 1U or 2U rack space these take up, electricity and maintenance and you get the picture.
      Now granted, the service provided by AnyRun will not replace an enterprise grade firewall, but it will allow you to save money elsewhere given that you now have a safer, remote, disposable way of running or analyzing malware.
      If you want to do this in your own DC, on your own VM's, you have to factor in extra costs for e.g. VMware/Hyper-V/Nutanix, switches, routers, and extra software such as antivirus, firewalling, data/malware analysis and more.
      All of that can be saved by just purchasing a simple, cheap license to rent some temporary compute on someone else's infrastructure.
      You can literally ditch your entire DC and equipment, buy a simple laptop, and analyze malware from a remote café drinking overpriced mocha frappuccinos, if AnyRun provides everything you need to do your job that is.
      For most it will not be sufficient, but it will save you a lot of hassle and can save you a LOT of money!

    • @peacefusion 14 days ago +1

      buying a cheap computer or laptop would be a lot easier than this service.

  • @PHaRTnONu 7 months ago +43

    Note: as of Nov 22nd 2023 not "anyone" can sign up they require a business email EVEN for the free account. Of course you can get around this by just having a parked domain, but yeah still mildly annoying for the avg person im sure.

  • @howa_tcp2501 7 months ago +230

    4:41 "But they have pretty reasonable pricing" that _begins_ at *$1308 per year* or *$109 per month* and you're still limited to Windows 7 with that. But hey, at least you can now use the 64-bit edition.
    Not sure how detached from reality you have to be to think that the cheapest premium plan being this expensive is "reasonably priced". Lmao

    • @magicaCZ 7 months ago +11

      subscription thats basically a second rent

    • @EagleGamerz 7 months ago +39

      Not sure how detached from reality you have to be to think that security oriented solutions are supposed to be cheap lmao. I think that the clientele for this type of service may use it for their company or to supplement their job

    • @Pepo.. 7 months ago +2

      now wait and watch someone make their same version but open source

    • @tkynapsex 7 months ago +6

      @@turboxide It says "for individuals" and there's an enterprise version with even more features "for teams and organizations"

    • @katto1937 7 months ago +5

      @@EagleGamerz Nobody said they're meant to be cheap, but that's what the youtuber said it is even though it's not.
      Just because some products like IDA cost 5k per license doesn't make this any less expensive or "cheap".
      A Lamborghini doesn't make a BMW cheap.

  • @KG4949-r9f 7 months ago +44

    it is malware if it has fortnite in the name

    • @wrathofainz 7 months ago +4

      As a prior fortnite hater, the game isn't that bad if you stick to Epic created game modes and keep them mics off.
      Never do anything more than solos because nobody seems to be able to use emotes and pings correctly :/

    • @Externalities 7 months ago

      @@dreaper5813 grrr popular bad!!1!!1! 👶

    • @Loujemouse 7 months ago

      @@dreaper5813 Your loss 🤷‍♂️ some people enjoy playing the game

    • @kaeji_namitsua 7 months ago

      @@Loujemouse Really like who?

    • @Loujemouse 7 months ago

      @@kaeji_namitsua Me 🥰

  • @sudo720 7 months ago +223

    How are you protecting your network? I know you’re in a VM but I know some malware (worms) can infect the network.

    • @Kaliyaz_GT 7 months ago +28

      no

    • @lukieswiss5555 7 months ago +178

      Intrusion detection system, closing unnecessary ports, firewall configurations, vpn

    • @IDJENAwoqqqxdre 7 months ago +2

      He could be ssh’d into a machine prob

    • @Catge 7 months ago +18

      You can segment using vlans or firewall rules. It is best to airgap from the rest of your network

    • @ImSimpIicity 7 months ago +1

      @@corndoggoiscool8223 VPN’s are not the solution to every problem.

  • @YourWealthCome 7 months ago +24

    Not sure why people with regular emails can't sign up, even though there is a link for a Non-Commercial Trial and also a Community version for free link way down at the bottom of page; both asking for a business email. (Not sure why a business would be downloading Video games cheats and hacks, I assume its for demo purposes). If we did have business email.. how long is the Trial?

  • @dylansmart1964 5 months ago +1

    I was needing this exact video, thank god im subscribed to you

  • @HutchyyHD 2 months ago

    Absolute legend thank you for this brother keep up the good work and keeping us all safe

  • @ShrineFox 7 months ago +42

    Man I really wish there was an offline form of something like this that you could host on your own hardware for free. There's gotta be, right? Maybe not as robust as this, but some kind of VM that logs all the malicious connections and dropped EXEs and notifies you in real time. Closest thing I could find is something like CrowdSec that does this through a web portal

    • @Artiom97es 7 months ago

      im sure in vmware you can do it, but its not easy xd

    • @skylarkblue1 7 months ago +12

      You can do it with any VM software, but it won't be nearly as secure. Doing it over the web means it's fully sandboxed. Doing it on your PC means there is a realistic chance of it spreading to the host machine.

    • @knackrack615 7 months ago +1

      Cuckoo Sandbox, its FOSS and you can customize it to your heart's desire.

    • @Hrorrik 7 months ago

      Theres a lab by a youtuber named huskyhacks that shows how you can use VMs (windows + Remnux) to detonate malware fairly safely. The windows VM acts as detonation box and the Remnux box has inetsim or some other shit that basically tracks HTTP/DNS requests if you set it up properly. Might not be explaining things properly, I'm a noob lolol.

    • @dire284 7 months ago

      @@skylarkblue1 As long as its being hosted on a hardened VM with no known vulns then there isn't much downside to self hosting a solution for this other than complexity.

  • @m4rt_ 7 months ago +94

    Btw, just because you run it in a VM doesn't mean that you are safe from Malware.
    It is possible for it to escape VMs, and even through several layers of VMs.
    If you really want to avoid it, have a separate machine that isn't connected to anything.

    • @piratesephiroth 7 months ago +35

      it's impossible for it to escape an online VM though

    • @neipas09 7 months ago +10

      Then make a video showing how it can escape a VM if you think that's true.

    • @realdoinky 7 months ago +4

      @@neipas09 it can escape the vm and infect the system at the kernel level

    • @shroomer3867 7 months ago +1

      I wonder, if the virus does not specifically break any physical components, is it possible to dual-boot a machine and then just wipe the drive and reinstall the OS if your system got compromised?

    • @harshverma80 7 months ago

      @dreaper5813 i want to ask that if i run or test malware on windows os created on usb or portable ssd then my system will remain safe or it will get infected?

  • @peterwassmuth4014 7 months ago

    Awesome thank you for sharing 🙏 💯‼

  • @AssassinJay 7 months ago

    Those 90s are sick!🔥🔥🔥

  • @DarkStormPhoenix 7 months ago

    Thank you leo amazing video and i will definitely try that site

  • @chambling8305 6 months ago +1

    rat is a genius name for malware like this

  • @cpuuk 7 months ago +1

    Good to know.

  • @CODE_ROOM 7 months ago +68

    Best security channel on CZcams.

    • @Shocker99 7 months ago +11

      Best is a bit of a stretch.
      It's a reasonably good channel. The vast majority of the videos are advertisements for the software/services featured in the video. But it does help raise awareness of different types of bad software in the wild.

    • @mgjk 7 months ago +4

      ​@@Shocker99 I love this channel because they're to-the-point, technical and don't try to make you feel like you wouldn't understand what they're talking about. Any recommendations for better channels?

    • @500subswithoutvideos 7 months ago

      NetworkChuck is way better.

  • @yoppindia 7 months ago +1

    what is the tool you used to analyse process and traffic in vm, can it be installed locally?

  • @youdontneedmyrealname 7 months ago +6

    If only any.run wasn't so expensive for anyone to use. Professional use by a company that can pay for it is okay but it's not remotely cheap enough for the average user wanting to see what a program does

  • @janmillerty4528 7 months ago

    Awesome ❤

  • @Kamikarus 7 months ago +5

    4:41 "But they have pretty reasonable pricing" No way, the cheapest offer costs $1308 per year and $109 per month. If that's reasonable, I don't know what wouldn't be but I guess something like $5000 a year (or month). What's the best, that with such cost it doesn't give you ability to use anything besides Windows 7 (but here's a "wow", it gives you ability to use *64 bit Windows 7* :00, just for half of your salary). I'm not even gonna start how much the second plan costs ☠☠
    I'm scared how much Enterprise costs but probably some magic price that I could buy a house with, probably that high that it wouldn't even fit in the column, that's why it isn't said

  • @billabrogar4628 7 months ago

    Wow, the best cybersecurity channel, worth it to subscribe ❤❤❤

  • @pyrotex8 7 months ago +23

    I would love to see what you think about the state of malware and how it works on macOS. I found it very intriguing when you did some videos on linux. I know it may be tedious but it would be very neat.

    • @Xjag 6 months ago

      Aint no one making malware for macOS

    • @zaks7 6 months ago

      @@Xjag That was a valid perspective, 15 years ago. Now there's enough and more malware for mac/ios.

    • @Xjag 6 months ago +1

      @@zaks7 yeah but realistically noones using them on people, most people are on windows, iPhone would be next to impossible because apple is so quick at patching vulnerabilities

    • @timnonik2736 6 months ago

      Might have legal reasons, since macOS is only allowed on apple hardware

  • @suululu 7 months ago +1

    i love you because you keep us informed. i hate you because u give me the feeling i do everything wrong and although Avast and Malwarebytes say there is nothing, i feel like there is something. So yeah, thanks

  • @juniorsancanari 7 months ago +2

    Hi, I'm a follower of your channel and would like to make a suggestion. Carry out the Blackberry Cylancer test, given that the last test was four years ago

  • @erwynnipegerwynnipeg8455 7 months ago +5

    well it's nice if YOU can try it for free but telling your average viewer to use it... that's not fair, because they don't have the money. That's the problem I've run into.

  • @punch3n3ergy37 5 months ago

    I'd love to see a tutorial to make a self-hosted sandbox. Filtering all requests etc. can be tricky because windows does shady stuff as well.

  • @DENTIC 7 months ago +2

    A whole business account just to do this

  • @M2356U 7 months ago +4

    4:34 no, not anyone can sign up. You have to have a business mail and normal providers like proton or gmail do not work.

    • @cardaib9022 6 months ago

      just make one then its so easy

  • @juanm3058 5 months ago +1

    hiiii great video btw two questions
    1. what if its a false positive
    2. what if the rat is a bios virus that stays on your motherboard

  • @ejonesss 7 months ago +2

    a rat is also a larger more aggressive form of a mouse

  • @NotAcid. 6 months ago

    Nice video

  • @epici. 7 months ago +1

    thx :D

  • @useracazzo 7 months ago +3

    What would be an alternative way of checking an application without using a website like this? Is virtual Box safe to do this? What tools would I use to analyse this traffic in the VM?
    I understand this is a product placement, for a good product I am sure, but would appreciate an answer.

    • @tacayey4080 7 months ago +1

      analyzing the file with virus total or submitting it and wait for someone to run it in an environment. Also, in the beginning he showed process explorer which is free. What you dont understand google or take a class in malware analysis(most are free in youtube). Furthermore, you can set up a vm of your liking and run it there to see if anything breaks, however a lot of malware has the ability to not activate when it detects a vm. Other AV software has the ability to run it but its almost never free. Remember that most things that are good are not going to be free because time, effort and resources are constantly being put into it. If u dont have the knowledge or cant be bothered, google it or pay for a service.

    • @LeZClan 7 months ago +1

      virus total does the same job, but you will have to read to understand what it did to your pc so you can fix it maybe. i ran a fake directx installer and virus total showed me everything that any run would show, just not as simple.

    • @skylarkblue1 7 months ago

      Triage is a fantastic site that you can use a lot more of for free than this. Virus total isn't always the best as it can only take small files, and often spits out false positives - you need to know how to read the files to understand their reports. Doing it on your PC isn't overly safe as malware can, and have in the past, be known for breaking out of VMs and infecting the host computer (your actual computer).

  • @user-mn8lz7gf6d 6 months ago +1

    I've installed all kinds of questionable software, but so far I haven't had any issues.
    Also that site is for businesses only.
    A video on how to do all that yourself would be a lot more helpful.

  • @rygull 7 months ago +7

    I wonder if you can use blue stacks to run infected apks and keep your PC safe.

    • @Kaliyaz_GT 7 months ago +2

      bluestacks cant run exe, also you can't run cheats on bluestacks they have some kind of antivirus ldplayer doesnt really have it

    • @abitterberry2149 7 months ago +7

      I wouldn't do that. If I remember correctly, you can copy/paste and drag&drop from your host to bluestacks, and you don't want shared resources to analyze malware.
      I would suggest installing genymotion inside a virtual machine. You could then install burpsuite in your VM and proxy all your android web requests to burpsuite and analyze its network activity.

  • @bahaatuffaha6607 7 months ago +2

    Can I upload a whole application to the sandbox or this just works for single executable file?

    • @ANYRUN 7 months ago +1

      Hello, Yes, sure. You can upload even many application files at once in an archive, the only limitations are file sizes.

    • @chrisdawson1776 7 months ago

      @@ANYRUN 🤡🤡

  • @MegaNatebreezy 7 months ago

    Can someone tell me how to setup a good sandbox? I know vlans can still identify your router and vms arent completely fool proof. What does everyone do for max separation?

  • @doronefraim7240 7 months ago +2

    thanks for the video, why do you use internet while running a RAT?
    isn't it dangerous?
    it could infect your computer as well when the sandbox uses your main PC for internet connection

    • @MrSnipmania 7 months ago +1

      I guess he is using a specific vlan on the VM with only internet access through his router and blocked all kind of other traffic through strict policies, maybe with a specific network card to be extra sure (at least I hope, if not it would be ironic for a channel about security)

    • @tomtravis858 6 months ago

      The only way that would happen is through a no-click exploit in windows/whatever software he has facing the internet. These exploits sell for literal millions of dollars, you have nothing to worry about.

  • @danialde 7 months ago

    what about Windows Sandbox?

  • @seedney 7 months ago

    What about OS X, linux, BSD? How to tell if web apps are malicious etc?

  • @jll9764 6 months ago +1

    Bro really made an Ad for Any run..

  • @Hestyrial 7 months ago

    Can you do a video about peerblock ?

  • @LeZClan 7 months ago

    wanted to try any run but cant sign up at all, not even for the free task host. had a fake file running on my pc and wanted to check it, well virustotal does the same job, but you have to dig a bit deeper and read its behavior tab, figured it out, ran sfc scannow and that fixed most of the corrupted files, everything else was done from myself by hand deleting temp files.... nice program that i would use, but not like that sry.

  • @anakyn222 7 months ago +8

    How can anyone use it if you need a business E-Mail?

    • @57tlm78 7 months ago

      Same issue. We are normal people trying to be safe

    • @marcfabricatore1506 7 months ago

      @@57tlm78 get a college email, it is considered to be a business email.

    • @Kamikarus 7 months ago

      I have the same question and same issue

  • @dONALDBLOOD 7 months ago

    My security application makes it impossible for me to run random executables I downloaded.

  • @creepybeat 7 months ago +1

    me as a fortnite player, i really think people should never use hacks or any cheat for playing, it will make you suck at the game and youll never learn any skill at all.
    fortnite is a great game for sure, many updates makes the game looks fresh and cool. have a great game! gg

    • @xxxod 7 months ago +1

      my aim is already good enough that i get accused of aimbot
      I just need a cheat that can crank for me and do edits 😭😭

  • @Alchemetica 7 months ago

    How does Windows 11 Pro sandbox rate?

  • @tercmd 7 months ago +4

    1:18 by the way, maybe you shouldn't have signed in to a paid AnyRun account on a VM running a RAT/infostealer
    Ok, I guess AnyRun gave you an enterprise account, but that's still value given to the attacker.

    • @WockOps 7 months ago

      Aren't they isolated?

    • @marcfabricatore1506 7 months ago +2

      @@WockOps they are, the guy has no idea what he’s talking about lol. The AnyRun credentials aren’t stored on the AnyRun VM LOL!

    • @tercmd 7 months ago

      @@marcfabricatore1506 but he's signed in to Anyrun on the VM he ran the malware on (look at the taskbar with MS Edge, which had AnyRun signed in, and the malware)

    • @WockOps 7 months ago

      thats what I figured...@@marcfabricatore1506

  • @HDrive-In 7 months ago

    I use vm in a winPE base, running vm in 7 is easy, try getting everything to work but have it work in PE

  • @alifnaufal 7 months ago

    Hey, my name is Fortnite Big Chungus and I like this video.

  • @Redstoneprojrjr 7 months ago +1

    Please do not login to any run on the infected vm.

  • @Beni-11324 3 days ago

    how do i get a business email to sign up in any.run?

  • @code-teamX 7 months ago

    What about windows sandbox?

  • @TunaTheScripter 7 months ago

    What VM do u use?

  • @leto1449 7 months ago +1

    what if I made a simple app that has RAT that only starts working after couples days so it will start ? no all ip wonts be detected right away and a user will keep the software there

    • @leexgx 7 months ago +5

      Still likely sets a schedule task to run at a later date

    • @leto1449 7 months ago

      but it doesn't use the windows task schedule just checks after 3 days and then init
      @@leexgx

    • @MTGeomancer 7 months ago +2

      Yes that would work and is very common. It would only schedule a task if the creator wanted it to run at a later time on its own.
      The malware would have to actually do what it was that made the person download it though. In this case, cheat in Fortnite. If the cheat didn't work, they'd just delete it.
      This video was just a means of showing off that web based virtualization service as an advertisement.

    • @leto1449 7 months ago

      @@MTGeomancer ohh I see thanks I meant not for fortnite but something else like

    • @dire284 7 months ago

      Its somewhat common to see this method being used, most AV sandboxes will automatically skip long sleep functions and other suspicious looking things.

  • @alexandertikanis5236 7 months ago

    Completely out of topic, where can i get that wallpaper

  • @jonnygiantrobot 7 months ago

    Is any. Run related to any. do?

  • @LemmingPaul2 7 months ago +2

    what a joke this video... the license that he was using here is round about 3500$ :'D

  • @Fhrgwrrr 7 months ago +2

    How to register on any.app if i don’t have business?

    • @Kamikarus 7 months ago

      I have the same question

  • @grichard1585 7 months ago +1

    How about running exe's in Sandboxie?

    • @medivyanshsingh 7 months ago

      That won't help much. plus some applications will not work at all

  • @justthomas3832 6 months ago

    i had the same and i am alr busy 2 months stopping the hacker from loggin in to my accounts and stealing money but he went live on tiktok and i have photos and vids of him

  • @trentdavies4976 7 months ago

    A RATTE got me two days ago. It was annoying.

  • @Scubad1975 7 months ago +1

    whats the best free sandbox to use

    • @Shocker99 7 months ago +3

      Virtual box is free.
      Windows Sandbox if you have Win10/11 Pro

  • @l7xcast966 7 months ago +5

    It would be nice if a normal person can sign up for app any run , it asks me for a business email and i dont want to pay for one

    • @YourWealthCome 7 months ago +3

      Yup, Same here and its odd since it says Non-Commercial Trial; If we did have business email.. how long is the Trial?

  • @NyanCoder 7 months ago +38

    "Russian IP... Russian IP..."
    I'd say other connections with named URLs could also be suspicious activities with injected IP and/or faked DNS requests (and page names) regardless in which country they hold their virtual servers

    • @numbersandreality 7 months ago +8

      But the IP was Russian

    • @SFBenjaminK 7 months ago

      same thing in China & Russia or around the world they call it U.S IP

    • @pcsecuritychannel 7 months ago +31

      That's not necessarily true, a disproportionate number of russian ips are associated with suspicious activity, often because the authorities there are less adept (willfully or otherwise) of shutting down access to such infrastructure and a lot of cybercriminal gangs are from eastern EU/Russia. Of course it isn't always the case, but this video is trying to show the viewers examples of different things (like the country the connection is made to, if it is a known hostname etc) that they can use to narrow down suspicious behavior.

    • @YatagarasuTomiyasu 7 months ago +7

      Based on statistics, there is a good reason to see a Russian IP more carefully.

    • @NyanCoder 7 months ago

      @@pcsecuritychannel It's not the point which I'm talking about. Yes, in terms of numbers of attacks and botnets amount its definitely true. But in this case I can just rent a vps and host on it simple DNS server, that would serve my own proxie's IPs on any request and make a DNS request to fake service then send to my proxy (in any country where I can rent a vps/vds) some data through TCP with fake HTTP(S) header and proxy would do the rest. If anywhere the proxy is downed, just remove the IP from the list, up a new extra proxy and sit'n'watch, it's that simple

  • @Anonymous30304 7 months ago

    do a Norton vs bit Defender

  • @Fox_ 7 months ago +1

    welp, registration is for business emails only...

  • @666222333111 7 months ago

    what if you dont create a separate exe but embed everything to run as one and use a good crypter? hmm

    • @dire284 7 months ago +1

      RunPE is mostly useless nowadays, you'll get clapped the second you decrypt your load method.

  • @ObscenePizza 7 months ago

    Requires a "Business Email" to register.

  • @maurixasgd 7 months ago

    I downloaded a suspicious file and my facebook account is stolen i deleted file malware bytes didnt detect anything

  • @nonjucto 7 months ago +3

    Is the sandbox feature on Windows robust enough to be used like this?

    • @claytonwells8425 7 months ago +1

      That was my question / assumption. Although, I don't know that I would consider it sandboxed enough on the windows machine for my own comfort level. If I were to do it locally I would maybe consider VirtualBox by Oracle depending on how concerning the file is. I do like the web solution presented in his sponsor though, I also may consider that if I find myself wanting to test a particular file

    • @UrbexAlliance-SG 7 months ago +1

      No matter which sandbox you use for malware testing (VirtualBox, VMWare, Windows Sandbox etc.) you will have to use a VPN on your host machine and need to set up a guest network to be really on the safe side. Otherwise, Windows Sandbox definitely is strong enough.

    • @claytonwells8425 7 months ago

      @@UrbexAlliance-SG Thanks for your information, I appreciate your comment 🙏🏻

    • @jeffnorsegod8080 7 months ago

      @@UrbexAlliance-SG Would you mind elaborating further? I think I understand what you said, but I’m new to this cybersecurity stuff. As far as I understand it, VMs are not totally airtight and safe to run suspicious files and applications in because they still connect to your router and network, which a smart virus or something could use to breakout and end up on your host machine. So using a guest network for your VM would… somehow? (not sure on the specifics) help prevent your network from being compromised, while a VPN on your host machine would act as a second layer between your network and your machine in case your network was infected. Did I understand that all correctly? I am very interested in this subject!

  • @Gringle_ 6 months ago

    wait did I just get advertised to

  • @SebastianRoczz 7 months ago

    you should really mention that you need a business email for anyrun because I cant use it

  • @skystoyhunts7225 7 months ago +2

    Is virtual box free?

  • @magnusprime3269 7 months ago

    Hello can you do a video on trojan rat at minecraft

  • @ForikiTheRat 7 months ago

    can you do a video about hardened windows vs normal windows

  • @therealperco 7 months ago

    this is why u get notifications saying change ur password on ur iphone in settings they get ur passwords trust i just did a major password wipe i had this exact exe im just trynna find a vid to watch while i eat lmao idk how i find this

  • @2turntjosh 6 months ago

    Ikn some devs that make a working cheat it’s normally shitty but it works but it’s a rat lots of paid ones are crypto miners too I just recommend make your own or download ones from trusted communities

  • @SantoSVD98
    @SantoSVD98 7 months ago +1

    Lol 109/mo (minimum) is a reasonable price? 😅 It's -in a single month- more than what is necessary to spend to have the full unlocked version of the best antiviruses in the commerce rn for an entire year. Not so acceptable

  • @ovum
    @ovum 7 months ago

    Is using Windows Sandbox safe?

  • @steelkatana
    @steelkatana 7 months ago

    Seen the pricing??? Good Luck if you want to test Windows 11

  • @ntrq
    @ntrq 7 months ago

    I'll post this on TikTok because some scammers use TikTok for promotion

    • @Gringle_
      @Gringle_ 6 months ago

      You're promoting this guy's advertisement on TikTok? You shouldn't do that unless you get $$$$$$$$ for it like this guy did.

    • @ntrq
      @ntrq 6 months ago

      You misunderstood me. I posted this man's clip on Tik Tok because I see a lot of script kids promoting such programs on Tik Tok. @@Gringle_

  • @BabaNamKevalamGames
    @BabaNamKevalamGames 7 months ago

    109/mo or 299/mo is not a reasonable price... with that money i can save to build my own computer and test it installing those programs and then reinstalling the OS or using a virtual machine, or a personal server just that purpose.

  • @iUseVegas
    @iUseVegas 7 months ago +1

    While I am against malware, I don't mind the cheaters getting fookd

  • @RandomUsername2004
    @RandomUsername2004 7 months ago

    Viruses are getting common unfortunately

  • @mnageh-bo1mm
    @mnageh-bo1mm 7 months ago +1

    the answer ? ... u simply don't... ever heard of time bombs ?

  • @neuroplush7657
    @neuroplush7657 7 months ago

    Good video, but any.run is not reasonably priced.

  • @iTakeCash
    @iTakeCash 7 months ago

    What if i have a firewall? Will it alert me that the exe is trying to make a connection?

  • @robloxfan4271
    @robloxfan4271 7 months ago +2

    won't let me sign up for any.run it keeps telling me i need a business email

    • @YourWealthCome
      @YourWealthCome 7 months ago

      Yup, Same here and it's odd since it says Non-Commercial Trial; If we did have business email.. how long is the Trial?

    • @thel3218
      @thel3218 7 months ago +1

      I am pretty sure I used a personal Gmail when I signed up a few years ago

    • @Kamikarus
      @Kamikarus 7 months ago

      same issue

  • @m2ngur
    @m2ngur 6 months ago +1

    so this wasn't really a video on "how to tell if an application is malware" now is it. i think the title "sponsored video of a ridiculously fucking expensive application that I'm trying to shill to you" would fit the content of this video better

  • @wintrywind
    @wintrywind 7 months ago

    Naw why do i need to text them to get a personal account, no thanks I'll just stick to the usual malwarebytes.

  • @harisjafri9459
    @harisjafri9459 7 months ago

    Can the malware detect that it's currently detonating in sandbox?

    • @TheGlendriv
      @TheGlendriv 7 months ago

      Can? yes. All malwares? not really.

  • @trevordoeseverything219
    @trevordoeseverything219 7 months ago

    I will test some adobe torrents on this 😅

  • @abrokenpal
    @abrokenpal 7 months ago

    Did you really log in to an online service website on an infected system environment, especially by a RAT? Nice cyber security stuff

  • @goten1343
    @goten1343 7 months ago

    can you send me the link to those cheats, i want to be bugha

  • @BurnOrphans
    @BurnOrphans 1 month ago

    I don't actually mind cheaters all that much, I mean they're legit installing malware onto their pc to cheat in a game only to be banned half an hour later.

  • @Tesko249clips
    @Tesko249clips 7 months ago +5

    Honestly I have nothing against malware inside applications that are obviously designed for cheating in competitive Multiplayer games. Kudos to the maker! :)

  • @cattameme
    @cattameme 7 months ago

    Where can i find a safe process explorer?

  • @joepjoep9531
    @joepjoep9531 7 months ago

    30 seconds late wow