VBScript & ILSpy Analysis of a RAT

Views: 52,574

John Hammond

3 years ago

If you would like to support the channel and me, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE, offering smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond

Comments: 168
@flawlesscode6471 3 years ago
Alternative Name: John from the future getting annoyed by his past self doing stupid stuff
@Nuclear__HS 3 years ago
John, I LOVE all these cuts "from the future", they're hilarious xD
@ca7986 3 years ago
💯
@donovanelliott9060 2 years ago
I really wanna like this comment but I can't because it has 69 likes
@originalgaming9062 3 years ago
Nobody’s seen the video yet, but 13 people have already liked it. I think this goes to show that people (including myself) LOVE these malware analysis videos
@originalgaming9062 3 years ago
@@Marko-wi1lb I just feel bad for the one poor fellow who missed the like button
@herotrojan1645 3 years ago
can you tell me the best malware analysis course to begin with
@AnoNymous-ie3wc 3 years ago
For you this video might be "amateurish" but for me it's 1. entertaining 2. i can learn from your mistakes 3. it helps me even more to understand what you do 👍 from me
@uumas 3 years ago
ok the 3min 50s self flame is freaking awesome. absolutely love the humor ! Keep it going man. Just the second video i watch from you but can already tell i'll probably watch some more for the personality alone
@AkAk-jv7ig 3 years ago
This is rad learning with jokes lol! You're awesome John please keep em coming!
@ripcityraider9469 3 years ago
Dude you are so awesome!!! I can't stop watching your videos. Keep up the great work!
@TheDuerden 2 years ago
I have watched a lot of your videos lately - and I am subbed - but this is my favourite so far...hilarious :)
@bryanleong2846 3 years ago
keep it up John, really like all your malware analysis videos
@donutcream4944 3 years ago
I love this series ! Looking forward for more ;)
@mustafamotiwala2335 3 years ago
mr john yet another malware analysis?! it is indeed an auspicious week for us all. seriously these make my day so much better, thank you for doing what you do!
@philipstringer4425 3 years ago
john gotta admit I don't mind seeing the mess ups, it's very organic and wholesome I appreciates it
@AnoNymous-ie3wc 3 years ago
Same here.
@talinross 3 years ago
Keep up the great work love these videos
@danieldaszkiewicz7313 3 years ago
These videos are great, keep them coming! :D
@QuibbleTrouble 3 years ago
I think the revenge rat used here is a fixed version that's open-source on github by a person named NYAN-x-CAT which showed up in the config.
@thecaretaker0007 3 years ago
I had to watch the whole video when I saw 5:45 Also Hackthebox T-Shirt
@dr.humorous447 3 years ago
You are a very underrated youtuber you deserve better to be honest. I'm new to your channel and I love your content that I subbed for more I have no experience in hacking but I know a lot about computer both software hardware and some networking. Keep up the good work 👏 👍
@tuckerward9844 3 years ago
'John from the future' bit got me, thank you John
@48pluto 3 years ago
It was an interesting video as always. I like these decoding stuff. What caught my eye was at @53:13 Set objFSO = CreateObject("... Next line set objFSO = Nothing That was funny :)
@gowthamujjineni8422 3 years ago
These type of videos are wonderful to see. I love these type of videos with comedy sprinkles in between
@dancingtiger577 3 years ago
these vids are so fun and educational
@im_typ0563 1 year ago
Love these kinds of videos :)
@alincraciunescu 3 years ago
Thank you, you are unique !
@batteryman2852 3 years ago
Ah yes , i like to call my Object variables by the names , vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvnnnnnnnnnnnnnnnn , and my String primitives, qaaaaaaaaaaaaaaaaazzzz..
@abeecee 3 years ago
*verbose*
@errollgnargnar9534 2 years ago
Thanks for keeping it real
@duncan3144 1 year ago
Another great video even if i am late to watch it. I enjoy decoding viruses etc and writing fixes. I am currently re writing my happy99 virus fix. I coded it back in 90's. Needs an upgrade.
@AhmedFromKSA 3 years ago
The banner at 38:47 says "encrypt(ing?) all servers the rat clean" so you were probably in the right place
@dedkeny 3 years ago
Dude, that is the funniest intro you've done yet lol
@yasincomps2056 1 year ago
i thought you wouldn't have noticed but you have a great sense of humor
@MrRAGHUSHARMA 3 years ago
thanks John....
@sammo7877 3 years ago
Here we go again :D cant wait!
@Zebby2013 3 years ago
Finally made the start of a video!
@luks1337 3 years ago
omfg, I love this edit ... btw john u edit in Linux?
@Basieeee 3 years ago
Coool stuff. Ahmed
@arronk3 3 years ago
2 videos basically back to back? pog
@roykositzky2252 2 years ago
god damn man you are my fav person right now thank you for being here. was that evillimeter tool a vuln or am i just an idiot? love ya man have a great day.
@bhagyalakshmi1053 9 months ago
Thank you brother amarphal always love dance santa
@almostanengineer 3 years ago
I enjoy these and I've absolutely no idea why 🤷🏼‍♂️
@tortotifa5287 3 years ago
Hey John, Sometimes when you see that 'Client.exe', that might mean that it could be some kind of RAT (talking based on experience). When I saw that ILSpy gave it to you as Lime, I was pretty sure it was Lime Rat. You have its source code on GH ! Also I do not think that with ILSpy you could do some refactor, but definitely you can with dnSpy. I suggest you to switch over a Windows VM when doing some .NET analysis, it'll make your life easier
@yamsol1911 2 years ago
Dude... this guy is sick kkkkkkk I love your videos
@h8handles 3 years ago
your videos have gotten SO FREAKING GOOD which is hard to imagine because i have loved them since the python tutorials.
@Mustardoable 3 years ago
Dallas has a few data centres, I'd expect the IPs to be there as that's where they were running the RAT (Remote Access Tool) controller / CnC (Command and Control) server from there
@MySisterIsASlytherin 3 years ago
John From the Future is my spirit animal
@jaymar921 3 years ago
He looks like a senior dev looking at the code provided by the junior dev 😅
@Lars-ce4rd 3 years ago
John from the future @ 3:40, I see a lot of myself in you. Such a misunderstanding is so relatable for me
@9rye 1 year ago
“hey what’s up” I love how this feels like I’m just talking to a normal being, not just some YouTuber
@hoodieman04 3 years ago
Dont worry if IPs and ports dont match up to reporting, its very common to have actors jump to new IPs or be booted by the VPS provider
@devilemox2824 3 years ago
"MATH IS HARD" :) **Agreed**
@Cyberducky 3 years ago
Future John getting frustrated by his past self is my new spirit animal xD
@diddyman1958 3 years ago
I like it :)
@BackWithTheBoom 3 years ago
Creating some in GO while watching this, lets goo.
@__theycallmeaadi3316 3 years ago
What you creating in go ?
@hdconnoisseur7932 3 years ago
@@__theycallmeaadi3316 I assume a RAT
@__theycallmeaadi3316 3 years ago
@@hdconnoisseur7932 yea i think so i'm also creating malware in go that's why i asked
@__theycallmeaadi3316 3 years ago
@@j.u.g.y nah that's they call me "aadi" aadi is my name.
@__theycallmeaadi3316 3 years ago
@@j.u.g.y no problems I'm lone enough that these things make me happy 😅
@solpex 1 year ago
John what ssh client do you use and open a new shell and so forth I really love it fotgot - got what you said with Thanks alot!
@tomasgorda 3 years ago
Hahaha i like John from future and his comments 🤣🤣🤣🤣🤣🤣
@slygamer01 3 years ago
C# DllImport uses the method name as the function to load if no explicit function name is specified.
@norboost 3 years ago
John sounding like Olivander in Harry Potter. "After all, insert-virus-name-here does great things. Terrible! Yes. But great."
@thekurdgamer8366 3 years ago
John from the future 😅😂
@fade8148 3 years ago
Best dud
@rckrs-jf8lb 2 years ago
Excellent video man, if you can share the sample, would be great.
@watchdog2864 3 years ago
Where do you get these samples from John? I’d love to do some of this myself!
@obitorasu1760 3 years ago
John from the future bullies present John for 1 hour straight.
@blackjackdealer204 3 years ago
Nerf fumble in the future..but still #respect .. I learned the $ replace with itself thingamajiggy you did
@L0PREZ 3 years ago
I would not mind an entire video of you looking through Legend of Zelda lore/artwork. also great video as usual!
@surajsawant6469 3 years ago
hey, it's fun to see your vids. could you please also share the samples?
@TheItalohugo 2 years ago
"Heavily edited" : Three jump cuts lololol
@maliusribeiroborges7578 3 years ago
Damn, this is way above my level lol
@jwbulmer 3 years ago
It’s all above my level.
@bhagyalakshmi1053 10 months ago
Gidra assembly code in the bic checking.
@TheSxW 3 years ago
18:54 - yes you can
@davidmiller9485 3 years ago
For those who don't know Hwy 75 that runs through Dallas all the way through Plano and Richardson and beyond is just chock full of high tech companies. I miss the drive at night, i don't miss the fucking 110 F days.
@scor-_-pions5094 3 years ago
Please, I've been trying for months...> to run the emulator (PS1 DuckStation) with a .bat command to start the game ISO without opening the emulator, that is, start automatically with one click on the .bat command?
@Tan444 3 years ago
you should put the hash in the description so people can follow along
@gabrote42 2 years ago
Hilarious 20 20 retrospective
@temolantern9091 3 years ago
POV: you're in the comments to see if world of hacker replied to the video with "thanks for the shoutout!"
@slygamer01 3 years ago
They ran the C# DLL through an obfuscator. Trying to decipher obfuscated code is not a trivial task.
@mindzhd 3 years ago
​"bah, fuckin ILSpy, stop" lmfao
@xn1kkix 1 year ago
Mavis Beacon Teaches Typing
@dougbongqueque 3 years ago
I liked it 🤷
@chrisbishop6928 3 years ago
Dude these are just the right blend of comedy and learning on the fly. Math is hard!
@zitrax506 3 years ago
Arab hackers: A group of hacker children who depend most of their concept RAT While do not realize what are the foundations of the penetration "I mean the majority "
@logiciananimal 3 years ago
The stuff you looked at in IL seemed to be possibly an un-selfpacker, like the WSH rat stuff you browsed through.
@1wk407 2 years ago
dallas needs an intervention
@ivanboiko8975 3 years ago
ho ho ho, time to malware :D
@kushshah3682 3 years ago
hahahahahahaha loving the energy of this vid
@stevejamal241 3 years ago
I bet ya that Mr Ahmed is from Egypt cause that background is almost like Egyptian way of piracy and hacking stuff 😅😅
@0xlol64 3 years ago
this why most people who sees his profile hate us egyptian and arabs btw im egyptian
@hpimpact 3 years ago
egypt isn't the only arabic country tho
@ko-Daegu 2 years ago
@@0xlol64 why thou?? I don’t get why I will hate an entire country( 100m+ people) cuz of a banner ? Also we have Russian and Chinese hackers I’m not hatin Russia or China cuz of them You are worrying for wrong reasons
@samh3355 3 years ago
At first, I was thinking.. Optic Scump??
@phyyl 3 years ago
Hey John! where do you find these?
@HalValla01 3 years ago
37:19 Cover you ears, kids
@TwinTailTerror 3 years ago
Update that ip is a vpn in tex by nord i think
@arivanhouten6343 3 years ago
i was here before you could even watch it
@Scaramouche122 3 years ago
van houten
@BSJuliaMagna 3 years ago
Hackers from Texas? Yeeehaaaackers?
@ir4640 3 years ago
Where do you usually find the malware?
@DavidAlvesWeb 3 years ago
⚠️ MATH IS HARD SHOULD BE A MOVEMENT! ⚠️
@Lars-ce4rd 3 years ago
Here's a funny problem to consider, who gets more value out of .Net code obfuscating itself at build time, good guys or bad guys? Have we made life harder on ourselves?
@rrkatamakata7874 3 years ago
i am cse student and i feel like oh god there is no way i can write this stuffs. (i want to mention the hardness of these stuff not the hacking part)
@jonchicoine 2 years ago
So where did you get the vbscripts from?
@SamyTessier 2 years ago
Is this any malware written in Python? would be interested in an analysis of that
@SF-eg3fq 2 years ago
Hi john, i speak arabic n stuff this guy's content are nothing more than skiddie stuff? in fact 99% of the "arabic hacking" videos on youtube are just a bunch of script kiddies being ultra cringe. the page you saw on facebook is not a marketplace it just for his "tutorials" cringy kind of stuff, i even doubt he's behind the vbscript's, those guys really thinks once they learned how to setup kali virtual machines they become "hacking masters" or somethin 🤣, nice video and please do not take those guy's seriously in anything🤣🤣
@bhagyalakshmi1053 10 months ago
Bytes gising
@nickreed7277 2 years ago
if it makes you feel better John. im not one of those people who notice anything wrong that you do. im a noob :)
@garcand 3 years ago
What career position would I search for to do something like this?
@maans2001 3 years ago
malware analysis maybe
@Babakinha 3 years ago
Cybersecurity?
@maans2001 3 years ago
@@Babakinha Malware Analysis is a part of Cyber Security yes
@adhamhalabi7472 3 years ago
You can either take master degree in cybersecurity or it security that has focus on practical side more than theoretical side, make sure to check their courses to see if they teach what interest you, or you can go to EC-Council and learn this online they have many courses that varies from ethical hacking to forensic investigator, both options costs quite a bit.
@ko-Daegu 2 years ago
@@adhamhalabi7472 imagine thinking you need a useless master degree to do practical malware analysis
@eklypzn 3 years ago
I see you have the Huntress shirt too. You can use -o with curl to download. John is about to get DMCA'd by these hackers PepeLaugh