Analyzing the FBI's Qakbot Takedown Code (Malware Analysis & Reverse Engineering)

Description: In this video, we analyze the FBI's Qakbot takedown code using malware analysis techniques.

Timestamps
0:00 - Intro
1:21 - Shellcode analysis with Malcat
7:23 - Identify functionality with Mandiant's capa
10:41 - Analyze shellcode with Ghidra
15:35 - Debug shellcode with runsc
19:40 - Review decoded executable with PEStudio
21:07 - Code analysis to confirm how Qakbot is terminated (warning: the screen flickers here for a few seconds due to a recording error)

SANS Malware Analysis Courses I Author and Teach:
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques ➡ https://sans.org/for610 (co-author)
FOR710: Reverse-Engineering Malware: Advanced Code Analysis ➡ https://sans.org/for710

Sample: https://github.com/as0ni/youtube-files/blob/main/7cde.zip
Password: infected
Unzipped SHA-256: 7cdee5a583eacf24b1f142413aabb4e556ccf4ef3a4764ad084c1526cc90e117
Description: FBI Qakbot Takedown Code

Tools:
Malcat: https://malcat.fr/
Ghidra: https://ghidra-sre.org/
Capa: https://github.com/mandiant/capa
Capa Rules: https://github.com/mandiant/capa-rules
Speakeasy: https://github.com/mandiant/speakeasy
x64dbg: https://x64dbg.com/
Runsc: https://github.com/edygert/runsc

Find Anuj Soni on Twitter: https://twitter.com/asoni
Connect on LinkedIn: https://www.linkedin.com/in/sonianuj/

Have malware analysis questions or topics you'd like me to cover? Leave a comment and let me know!