Unraveling the IcedID Malware Stager & Phishing Email
78,104
Published 2022-12-12
All Comments (21)
-
In my opinion, reading out the wacky variable names adds an extra layer of entertainment on top of the already great content
-
One day I'm gonna be on this level of CS
-
Hey! It's time for my 15 minutes of fame! Thank you for these educational vids, and thanks for the emails acknowledging my email/letting me know you would make this video. I got about as far as John did 15 minutes into the video, and at the time my JavaScript knowledge was so tenuous I couldn't figure out what happened next. My apologies to you all for not getting far enough to download the DLL from the attackers' server. Since my coworker/boss/nemesis was a little more vigilant after a previous (less interesting) phishing attack (that had worked), they did not detonate this payload and we never saw the later stages. Given that the Zero2Auto course is only about $200, I'm absolutely gonna look into that. This series is some of my favorite cybersecurity education, along with the videos teaching DIY lab setups and playing around with pentesting them, and I'd pay at least that much to learn how to do my own in-depth malware analysis. P.S. Even if I had been a little more skilled, I probably still wouldn't have downloaded the DLL; it's my understanding that some of the variables set in the URL identify the target and would probably result in my coworker getting more attention from future campaigns
-
Would love more malware analysis / deobfuscation videos! They are really interesting and I'm absolutely hooked, even though I don't always completely understand how they're constructed. Hope you'll post more, even if we've seen the malware before
-
I enjoy this type of video, more of these, please! I receive millions of this type of malware in my email and I do go through them but the way you do it is fun and I like it a lot!
-
Love the way you unpacked the entire thing. Mind blowing lol. The amount of experience and skill it takes to get to this level.
-
I absolutely adore the methodical dissection of code and your method of stepping through it with the jokes. Legend!
-
Thanks so much for this kind of walkthrough. It made me wanna get more into this.
-
Great work! You always come out with some really informative and educational videos! Love it!
-
Those variable and function names will drive anyone crazy. I was really hoping it would somehow end up with Opposite("Always coming from take me down")
-
This was so enjoyable to watch, thanks for sharing 😁
-
Awesome content and well presented, well worth a watch
-
Love these kind of vids. Have you ever done similar videos with the samples from the malware traffic analysis site?
-
This video rocks. Thanks, John! :D
-
Love the content John!
-
Very informative thanks 👍
-
I love it when you do malware analysis
-
Never thought that the technique I used as a kid to up my word count in Word by changing the font colour would be used by malware, since it seems so obvious now as an adult
-
I did enjoy this one, thanks man!
-
I love it 👍 greetz from Germany