Analyzing the Zeus Banking Trojan - Malware Analysis Project 101

⛔ Disclaimers: I take no responsibility or accountability for the infection of any computer or workstation with malicious software, programs, or files. This project and its videos are for educational purposes only. I do not condone the development, use, or spreading of programs intended to harm assets, networks, or individuals.

Safety is key when dealing with malware. Ensure you are always following protocols when it comes to downloading and detonating a malicious sample. Follow all instructions within the courses and listed resources.

⏰ Timestamps:
0:00 - Introduction
1:01 - Overview of Analysis
3:52 - Background Info & History
7:11 - Overview of Analysis Tools
14:05 - Download Zeus Banking Trojan
19:25 - Static Analysis
55:27 - Advanced Static Analysis
1:06:36 - Dynamic Analysis
1:29:33 - Writing YARA Rule
1:40:55 - Conclusion

Comments

Author

I've sat through a lot of cyber threat related presentations and this was great! Very informative, and you have a really good presenter voice.

ruzu.
Author

Very cool and in-depth analysis. Haven't finished the video yet, but I'm already loving finding all these tools for malware detection and analysis.

BreakingStupidity
Author

This is really incredible, Grant, hope there are future eps in the works!

gitgudsec
Author

This is the best Trojan. I am glad that I was familiar with the author of this magnificent virus and was in his group back in 2011.

vitss
Author

I really enjoy your channel, keep them coming. What I was needing. Thank you.

bishophunter
Author

Thanks for breaking everything down! Great for beginners and pros alike

mattheworr
Author

As soon as I finished watching the build for a lab, talk about perfect timing :)

MrIntake
Author

Brilliant. I hope you create more content like this one!!!

Thank you for sharing

Manavetri
Author

20:35, Another way to keep your anxiety in check is to remove the .exe file extension, meaning that if you accidentally double-click the file it won't be recognized as an executable and it won't execute. To change the file extension anxiety-free, just use the command line or PowerShell to rename the file from .exe to the file name with no extension.

ME-LU
Author

The intro is the UAC bypass method, it loops until you press yes.

robrox
Author

Mind blowing. Keep bringing these kinds of wholesome videos. It really inspired me to get started, being a newbie.. 😍 A few questions though:

1. I wonder why you didn't mention defanging the binary before performing all the static analysis.
2. Will there be more in-depth analysis of malware in future videos? Like dissecting source code, if it can be recovered in some way, so that we can understand how it actually deleted itself and placed itself inside Google Update.

AvinashKumar-fexb
Author

First off, great video. Exciting to work with something live and be guided as we go. There are a few things that I would hope you may touch up on in your next video. Someone commented about defanging. That sounds important. As for me, I would like to know what to do with the malware files after one is done. Does one simply turn off the VM, or does one send the files to the trash bin, recycle, and then shut down the FlareVM window, or can we just simply reset the snapshot? I know it sounds silly to ask, but it would definitely help. Keep up the great work and again, looking forward to more of your videos.

lexiriam
Author

Hey man, I don't comment much on YouTube videos, but you helped me with my capstone project for school. Thank you for your content!

kishanpatel-uksu
Author

This is really well done.
However, my malware was not acting at all the same way as yours was: it didn't ask to run any app and it had maybe one or two processes in the process tree. When detonating with Wireshark running, multiple times, I never got a peep out of it. Made sure I was running REMnux and all that, and they were connected host to host, etc.

But I was still able to run the process alongside you, which is what I was looking to do. Great experience to put on a resume.

ChadVanHalen
Author

I am stuck at the part where you enable the internet in the FlareVM. I copy everything you do, but I'm not able to reach any web pages; I imagine because my DNS setting on FlareVM is 10.0.0.4, which is the REMnux IP. How did you get it working? Thx

willroberts
Author

Amazing Video! I learned a lot. Keep up the good work!

dekra
Author

I'm getting an invalid architecture error when trying to FLOSS the executable into strings.txt.

ftgljared
Author

Very COOL video, are you going to do it with the AWS version too? It would be amazing to see how it's done in a cloud environment.

MarcBadalBatllori
Author

It would be helpful if you sent the analysis report link for download. I am in need of it. Thanks

dharsann
Author

I would like to see how malware obfuscates itself to evade Defender and all.

firosiam