Malware Analysis - Gootkit Decryption with Python

Video Link: https://www.youtube.com/watch?v=uEb1Kml-SpQ
Category: Tutorial
Duration: 36:12
Subscribers: 178,000
Views: 5,226


In this video we take a look at how to go about replicating custom algorithms found in malware, or even in legitimate software. Nowadays it is extremely common to find malware authors rolling their own crypto algorithms, for either encryption or decryption. As a result, you may have to write your own script to automate the encryption or decryption of data, and once you have that script it opens several doors, such as writing automated config extractors. In this case, we look at a simple custom string decryption algorithm used by Gootkit and replicate the decryption routine in Python.

Zero2Auto Sitewide 10% Off Coupon Code = "GUIDEDHACKING"
https://courses.zero2auto.com/?coupon=GUIDEDHACKING
^Automatically applied with the link above^

Time Stamps:
02:46 Unpacking Gootkit
12:01 Static Analysis
24:50 Dynamic Analysis
30:59 Replicating the Algorithm

Discussion: https://guidedhacking.com/threads/malware-analysis-gootkit-decryption-with-python.16558/
Donate on our Forum : http://bit.ly/2HkOco9

file hash: cbdaba88959dd21dc6605f8eda642f18

Gootkit is a banking trojan that has been around since 2014 but became somewhat famous in 2019; its purpose is to steal online banking credentials. When a new version of Gootkit was identified in 2019, it was using an interesting Windows Defender bypass: whitelisting its own path via WMIC commands. The Gootkit banking trojan also used a UAC bypass via the DelegateExecute registry key and fodhelper.exe. There appear to be a few variants of it; each article I have found seems to describe them a bit differently.

Malware analysis is the process of using disassemblers to statically analyze malware samples, along with debuggers to analyze them at runtime. With these combined methods it is possible to reverse engineer a piece of malware and identify its methods of distribution, compromise, privilege escalation and persistence. With this information, security professionals can effectively detect and combat these threats worldwide. If you enjoy reverse engineering, a career in malware analysis might be for you.

This malware analysis tutorial will walk you through the process of unpacking the Gootkit banking trojan. This is not a beginner tutorial; you will want some experience with reverse engineering to really get the most out of this video. You will learn how to perform static analysis with the free version of IDA Pro, perform dynamic analysis with x64dbg, and use the two side by side to identify the string encryption algorithm. Once the encryption algorithm is found, we identify it as a simple XOR cipher and write a short Python script to automate the decryption of this banking trojan's encrypted strings.

--=GuidedHacking=--
Donate on our Forum : http://bit.ly/2HkOco9
Support us on Patreon : http://bit.ly/38mnveC
Follow us on Facebook : http://bit.ly/2vvHfhk
Follow us on Twitter : http://bit.ly/3bC7J1i
Follow us on Twitch : http://bit.ly/39ywOZ2
Follow us on Reddit : http://bit.ly/3bvOB57
Follow us on GitHub : http://bit.ly/2HoNXIS
Follow us on Instagram : http://bit.ly/2SoDOlu
#MalwareAnalysis #Python #Gootkit
Tags:
malware analysis
malware reverse engineering
reverse engineering tutorial
malware analysis tutorial
gootkit
gootkit banking trojan
gootkit malware
malware reversing
malware reversing tutorial
zero2auto
zero 2 automated
malware analysis course
gootkit decryption
banking trojan
reverse engineering
ethical hacking
reverse engineering malware
reverse engineering for beginners
cyber security course
cyber security analyst
cyber security career