Hackers Gave Me a Game and I Found a Virus

A hacker put malware on a Discord server that I hang out on, so naturally I downloaded it to see what it did. Instead of just running the software, I tried to reverse engineer it to get a peek underneath the hood at the assembly and see what was going on. I quickly found out there was MUCH more than what meets the eye with this malware.

Comments

Now imagine what it's like for malware researchers. You go through all of those hoops every day, just to find out that it's an XMR miner.

acuifex

The creativity of the hacker to just name the game as an already existing one

SpeckyYT

I could enjoy a 30 minute video on this topic.

billigerfusel

Might not have been the hack of the century, but still interesting to learn what they were attempting to do. Could maybe do a video in the future trying to dig into it a bit more? Maybe even an overview on how to write a deobfuscator? Would be neat

bitfun

1:26 Looks like the malware maker uses Sprinthost's technical domain to host the virus. The subdomain is the username of the client. It might be a good idea to inform the hosting provider that one of their clients uses their servers for malicious purposes. Clients must provide a scan of their passport (or other documents if it's a legal entity) in order to use their services.

KunningFox

A longer video explaining the intricacies of your discovery process would be awesome.

shimadabr

A friend of mine got hit with a similar scheme, but this one stole passwords and other data from Chromium browsers. Once I found the malware's PUT requests, I may or may not have uploaded a few hundred fields of fake generated data to their server.

ZarkWiffle

Nice. Tell us more about the sandbox tool at 1:45. Is that something I should know about? I was expecting a VM, is this some wrapper for a (cloud?) VM? What considerations do you make before running sketchy binaries to avoid them breaking out of the sandbox and affecting the host system?

fwilhe

Would be good to explain in as much detail as possible what steps you take to ensure a virus will not be run on your main machine and will definitely be isolated to the sandbox of your choice. Don't want a random 14 year old feeling invincible, only to get their mom's laptop pwned because they don't know how to put a VM in the DMZ.

heroclixrz

FYI, the first stage is called a dropper because it downloads/drops malware from another computer onto yours.

TowelPanel

“I just ran it”, and that actually is often the easier thing to do, because some code can indeed be hellishly obfuscated or even compressed and/or encrypted, and reverse engineering that can take ages. Just running it, whilst having Wireshark logging and memory dumping the data segments; on Linux I like to run strace, or Solaris truss, as well, and see which kernel calls are made with what data.
Now, I never reverse engineered malware, but mainly copy protection and old unsupported software (the statute of limitations has passed 😂), or created cheats for games (a lot of that on this channel too), and debugged unsupported code that still ran (and probably still is).

CallousCoder
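The dynamic approach in the comment above (run the sample in isolation, capture what it does, and only then read the data) becomes repeatable if the strace log is parsed afterwards instead of eyeballed. The following is an added example and not code from the video or from the commenter. The strace lines are constructed to imitate a dropper (documentation IP ranges, a hidden path under /tmp), and the function names are this example's own.

```python
import re

# Constructed strace output imitating a dropper; not a real capture.
# A real log would come from something like:
#   strace -f -s 256 -e trace=network,execve,openat -o trace.log ./sample
SAMPLE_TRACE = """\
execve("./game.exe", ["./game.exe"], 0x7ffc1e2b3c40 /* 20 vars */) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
[pid  4242] connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
[pid  4242] openat(AT_FDCWD, "/tmp/.x/loader", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 6
[pid  4243] execve("/bin/sh", ["sh", "-c", "chmod +x /tmp/.x/loader && /tmp/.x/loader"], 0x55d0c3a1f2c0 /* 20 vars */) = 0
[pid  4244] connect(3, {sa_family=AF_INET, sin_port=htons(3333), sin_addr=inet_addr("198.51.100.7")}, 16) = -1 ECONNREFUSED (Connection refused)
"""

# strace's decoded sockaddr/argv formats for the calls an analyst cares about first.
CONNECT_RE = re.compile(
    r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
    r'sin_addr=inet_addr\("([\d.]+)"\)\}'
)
EXECVE_RE = re.compile(r'execve\("([^"]+)", \[([^\]]*)\]')
OPENAT_RE = re.compile(r'openat\([^,]+, "([^"]+)", ([A-Z_|]+)')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted argv element
FAILED_RE = re.compile(r'\) = -1 ')           # syscall returned an error


def parse_strace(log):
    """Pull network destinations, spawned commands and written files out of an strace log."""
    report = {"connect": [], "exec": [], "write": []}
    for line in log.splitlines():
        if (m := CONNECT_RE.search(line)):
            ok = FAILED_RE.search(line) is None
            report["connect"].append((m.group(2), int(m.group(1)), ok))
        elif (m := EXECVE_RE.search(line)):
            report["exec"].append(ARG_RE.findall(m.group(2)))
        elif (m := OPENAT_RE.search(line)):
            flags = m.group(2).split("|")
            if "O_WRONLY" in flags or "O_RDWR" in flags:
                report["write"].append(m.group(1))
    return report


def flag_findings(report):
    """Reduce the parsed report to the handful of lines worth following up on."""
    findings = []
    for ip, port, ok in report["connect"]:
        if port not in (80, 443):
            state = "ok" if ok else "failed"
            findings.append(f"connect to {ip}:{port} on a non-web port ({state})")
    for argv in report["exec"]:
        if argv[:2] == ["sh", "-c"]:
            findings.append(f"shell spawned: {argv[2]}")
    for path in report["write"]:
        if path.startswith("/tmp/") or "/." in path:
            findings.append(f"wrote to hidden/temp path: {path}")
    return findings


if __name__ == "__main__":
    for finding in flag_findings(parse_strace(SAMPLE_TRACE)):
        print(finding)
```

A failed connect (the `= -1 ECONNREFUSED` line) is kept rather than dropped: a miner or C2 that is down today still tells you where the sample wanted to go, which is exactly the kind of indicator worth reporting to the hosting provider.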

It would be great to see a detailed video on how you reverse engineered this. You speak through your process so casually when it’s actually super impressive stuff you’re doing that I’m sure a lot of us would like to better understand

Rottenham

Great video, I would enjoy a detailed explanation of your approach to reverse engineer the binary

khalilovitch_

This is really interesting; the entire idea of reverse engineering and looking for those hard-coded URLs and files is really smart.

I’d love to see a course on decompiling executables and understanding their purpose.

Happy new year!

jumanji
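The hard-coded URL hunting mentioned above is usually the first pass over a sample, before anything is opened in IDA. As an added example (not the video's tooling, and not code from any commenter), here is a small strings-plus-classification pass in Python: it pulls printable ASCII and UTF-16LE runs out of a byte buffer (Windows binaries carry many wide strings that plain `strings` misses by default) and buckets them into URLs, hosts, Windows paths, registry keys and HTTP request lines. The sample bytes are constructed, the hostname uses the reserved .invalid TLD, and the regex names are this example's own.

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for a dropper binary: header-like junk with a few
# embedded ASCII and UTF-16LE strings. Not bytes from the sample in the video.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"https://example-user.example-host.invalid/loader/game.exe\x00"
    + b"\x01\x02\x03"
    + "C:\\Users\\Public\\runpe.dll".encode("utf-16-le") + b"\x00\x00"
    + b"\x7fELFab\x00"                        # 5 printable bytes: below min_len
    + b"POST /api/collect HTTP/1.1\x00"
    + b"\x00\x00Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
WINPATH_RE = re.compile(r"^[A-Za-z]:\\")
REGISTRY_RE = re.compile(r"(?:HKLM|HKCU|HKEY_[A-Z_]+|Software)\\", re.I)
HTTP_REQ_RE = re.compile(r"^(?:GET|POST|PUT) /")


def extract_strings(data, min_len=6):
    """Printable runs of at least min_len chars, both ASCII and UTF-16LE."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    out = [("ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    out += [("utf16", m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    return out


def find_indicators(data):
    """Bucket extracted strings into the things worth following up on."""
    hits = {"url": [], "host": [], "path": [], "registry": [], "http": []}
    for _enc, s in extract_strings(data):
        if (m := URL_RE.search(s)):
            hits["url"].append(m.group())
            hits["host"].append(urlparse(m.group()).hostname)
        elif WINPATH_RE.match(s):
            hits["path"].append(s)
        elif REGISTRY_RE.search(s):
            hits["registry"].append(s)
        elif HTTP_REQ_RE.match(s):
            hits["http"].append(s)
    return hits


if __name__ == "__main__":
    for bucket, values in find_indicators(SAMPLE_BINARY).items():
        for v in values:
            print(f"{bucket:9s} {v}")
```

Treat the output as leads, not proof: a packed or crypted stage (the "Cryptor\Loader" folder name from the 0:33 comment is a hint of exactly that) shows nothing useful until it is unpacked, and, as the Java comment further down warns, strings can be renamed to look like anything. The registry `Run` key and the hidden-path hits are what you then confirm by watching the sample run in the sandbox.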

0:33 Folders named \Cryptor\Loader runpe huh? Really subtle hacker, reaaaaly subtle

vyldim

I almost fell for this a few months ago.

But the part that made it believable was that it came from one of my friends' hacked accounts, and he was developing a basic platformer, so I didn't think twice about it.

I only realised once a cmd opened and Discord restarted to the login page.

NutflX

There are a lot of good malware reversing researchers here on youtube. Many don't like to/are not capable of jumping into IDA. This is great!

superswords

Nice video, you should do more videos about this IDA tool, it's really interesting

chadengineer

That's funny. Always wondered why nobody ever took my old DOS screensavers back in the 90s. Then I realized they thought everyone on the internet was out to get them.

billyjoejimbob

I've received a very interesting piece of malware once that was a Java file, but all classes and functions were renamed to sound like they were part of a game
(like "Map", "House", "Inventory", etc.).
But if you looked into the classes, you could see by the behavior that this wasn't a game at all.

So be careful when trying to assume things from strings.
Some madman might have been smart enough to just rename everything.

Littlefighter