Analyzing the Zeus Banking Trojan - Malware Analysis Project 101
Vložit
- čas přidán 13. 06. 2024
- ⛔ Disclaimers: I take no responsibility or accountability for infection of malicious software, programs, files onto any computer or workstation. This project and videos are for educational purposes only. I do not condone the development, use of, or spreading of programs to intentionally harm assets, networks, or individuals.
Safety is key when dealing with malware. Ensure you always are following protocols when it comes to downloading and detonating a malicious sample. Follow all instructions within the courses and listed resources.
📝 Notes:
cybercademy.org/the-malware-a...
⏰ Timestamps:
0:00 - Introduction
1:01 - Overview of Analysis
3:52 - Background Info & History
7:11 - Overview of Analysis Tools
14:05 - Download Zeus Banking Trojan
19:25 - Static Analysis
55:27 - Advanced Static Analysis
1:06:36 - Dynamic Analysis
1:29:33 - Writing YARA Rule
1:40:55 - Conclusion
🔗 Links & Commands:
Zeus Banking Trojan Binary (Be Careful!) - github.com/ytisf/theZoo/tree/...
Cutter - cutter.re/
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / _collinsinfosec
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?:
Email me: grant@cybercademy.org
🎧 Gear:
Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): amzn.to/2O0UfAM
Monitors (Dell D Series 31.5” D3218HN): amzn.to/2EXlgRF
Keyboard (Velocifire VM01): amzn.to/2TEswfd
Headphones (Audio Technica ATH-M40x): amzn.to/2F4Tvq6
Work Monitors (Dell U4919DW UltraSharp 49 Curved Monitor): amzn.to/3yQmDhM
Desk (FLEXISPOT EW8 Comhar Electric Standing Desk): amzn.to/3S9OxvG
Very cool and in depth analysis. Haven’t finished the video but already just loving finding all these tools for malware detection and analysis
ive sat through a lot of cyber threat related presentations and this was great! very informative and you have a really good presenter voice.
I really enjoy your channel keep them coming. what I was needing. Thank you
this is really incredible grant, hope there are future eps in the work!
Thanks for breaking everything down! Great for beginners and pros alike
Amazing Video! I learned a lot. Keep up the good work!
Thank, informative.
great video finished it
first off, great video. Exciting to work with something live and be guided as we go. There are a few things that I would hope you may touch up on with your next video. Someone commented about defanging. That sounds important. As for me, I would like to know what to do with the malware files after one is done. Does one simply turn off the VM or does one send the files to the trash bin, recycle, and then shut down the FlareVM window, or can we just simply reset the Snapshot? I know it sounds silly to ask, but definitely would help. Keep up the great work and again, looking forward to more of your videos.
Mind blowing. keep bringing these kind of wholesome videos. It really inspired to me get started being a newbie.. 😍 Few question though
1. I wonder why didn't you mention defanging the binary before performing all the static analysis.
2. Will there be more in depth analysis of malware in future videos? Like dissecting source code, if it can be recovered in some way. So that we can understand how it actually deleted itself and placed itself inside google update .
Happy to help.
1. Great point. I didn't mention defanging for this sample, since it wasn't necessary. But this was an oversight on my end, for safe handling, always defang!
2. Yes, hopefully. There will be more content to come. I still yet to learn some advanced analysis techniques.
can you please suggest any malware course outside and what course are you learning
@@collinsinfosec
As soon as i finished watching the build for a lab, talk about perfect timing :)
Perfect timing haha! Enjoy.
20:35, Another way to keep your anxiety in check is to remove the .exe file extension meaning if you accidentally double-clicked on the file it won't recognize it as an executable and it won't execute, and change the file extension anxiety free just use the command line or PowerShell to change the files .exe extension to the file name with no extension.
This is the best Trojan. I am glad that I was familiar with the author of this magnificent virus and was in his group back in 2011.
Very COOL video, are you going to do it with AWS version too? It would be amazing to see how it's done in a cloud enviroment
👍Thanks !
intro is the uac bypass method, loops until you press yes
Hey man, I don’t comment much on CZcams videos but you helped me with my capstone project for school. Thank you for your content!
Thank you for this wonderful project❤
Is this the last part of the project?
This is the last part of the project. Hope you enjoyed the series!
I enjoyed it very much, thank you
May I share it with my friends on LinkedIn and mention you?
@@omarashraf4914 Absolutely!
It would be helpful if you send the analysis report link to download. I am in need of it. Thanks
This is really well done
However my malware was not acting at all the same way as yours was, it didn't ask to run any app and it had maybe one or two processes in the process tree. When detonating on WireShark, multiple times, never got a peep out of it. Made sure I was running remnux and all that, and they were connected host to host, etc
But, I was still able to run the process alongside you, which is what I was looking to do. Great experience to put on a resume.
Is it possible that it detected it was in a VM? Malware will often behave differently if it does.
@@JustinLazlo Nice, I didnt know that
Bro I need a Suggestion
I just completed my bachelor's in computer science and now I want to do my MS in cyber security. but I'm confused there are a lot of domains and also university programs' list that make me more confused, can you help find the right program for my ms in cyber security
Im getting an invalid architecture error when trying to floss the executable into strings.txt
best video with least views
❤❤❤
I would like to see how malware obfuscate themselves to evade defender and all
If I want to work in Cybersecurity should I get a bachelors degree in Cybersecurity or bachelors degree in Computer Science with a minor in Cybersecurity? I know you have a bachelors degree in CBS, but would you recommend it instead of CS now that you've gone through it?
Thanks.
Hi, correct, I have a Bachelor's in Cybersecurity. I recommend a Bachelor's in either. Do whichever one you find more interesting. Computer science may be more beneficial if you do not want to limit your opportunities to just security-oriented jobs after graduating. Also, many computer science degrees are well-established compared to the "newer" field of cybersecurity.
I do not regret getting my degree in cybersecurity. I still would have chosen my degree in cybersecurity because I knew before entering university that I wanted to pursue the industry.
@@collinsinfosec Ok. Thank you so much for the reply! You have cleared up a lot of confusion!
@@collinsinfosec would you recommend the cybersecurity bachelors program from texas a&m commerce? I tried to post the link to the catalog but my comment keeps getting deleted. Thanks
@@PVredeemed go to wgu, thank me later, i graduated in 7 months
That's a flarevm lab right ?
I can’t believe this is free
Please make vd about malware apk analysis
Bro teach me how to create a Home lab to test these malware and malicious pcap stuff
Please sir, how do i contact you. It's very important and will be beneficial to you too
Email is probably the best option, grant@cybercademy.org.
can anyone send me report for this
25:24
I love your videos because they are very useful. I wish you success🤍