Summary
The video discusses the ANY.RUN platform, an interactive malware hunting service, and details how the presenter uses it to triage unknown binaries found in the wild. It provides insights into the platform's features, including sandbox analysis, public reports, and interactive sessions with malware samples.
Key Points
- Introduction to the ANY.RUN platform as a tool for interactive malware hunting.
- Overview of the platform’s resources, including the tracker for known malware families and a blog with detailed analyses.
- Discussion of pricing tiers available, highlighting the free version’s utility for individual users.
- Importance of confirming what kind of file you have before uploading it to the platform, so the sandbox can actually run it.
- The process of uploading samples and analyzing them in real-time for immediate data collection.
- Utilization of the threats tab to gain insights into alerts and suspicious activities related to the uploaded sample.
- Explanation of the interactive desktop session available during analysis and its benefits in observing malware behavior.
- Investigation of HTTP requests and responses to identify potential malware downloads during the analysis process.
- Methods for filling in gaps by consulting previous executions of the same sample for a more comprehensive analysis.
- Tools for malware configuration extraction and the use of IOCs (Indicators of Compromise) to summarize the collected data.
- Final thoughts on the importance of sharing findings with the community when new malware is discovered.
- Encouragement for viewers to try the ANY.RUN platform through a 14-day trial option for the full experience.
Youtube Channel: Dr Josh Stroschein – The Cyber Yeti
Video Published: 2024-09-18T14:20:49+00:00
Video Description:
Gathering important indicators of compromise from unknown files is a crucial first step when responding to an incident or performing malware analysis. ANY.RUN is one of my go-to tools to help with this task. ANY.RUN provides quick and safe initial assessment. This cloud-based sandbox environment allows me to detonate the file in a controlled setting, observing its behavior from a browser. ANY.RUN's rapid triage analysis provides valuable insights like network activity, suspicious file creations, and API calls. This initial intel helps me prioritize potential threats and determine if a deeper, more time-consuming analysis is necessary.
Sign up for ANY.RUN to use interactive malware analysis:
https://app.any.run/?utm_source=youtube&utm_medium=video&utm_campaign=thr-cyber-yeti&utm_content=register&utm_term=180924#register
Integrate ANY.RUN solutions into your company:
https://any.run/demo/?utm_source=youtube&utm_medium=video&utm_campaign=thr-cyber-yeti&utm_content=demo&utm_term=180924
Join this channel to get access to perks:
https://www.youtube.com/channel/UCI8zwug_Lv4_-KPT62oeDUA/join
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/josh-stroschein
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻 https://patreon.com/JoshStroschein
🌎 Follow me 👉🏻 https://twitter.com/jstrosch, https://www.linkedin.com/in/joshstroschein/
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com
1:46 Today’s sample
3:08 Public reports and tags
3:52 Submitting for public analysis
5:08 Running analysis
6:04 Extending analysis run-time
6:36 Interactive desktop session
7:23 Threats tab – aka Suricata alerts
9:01 Investigating HTTP request/response content
11:45 What we’ve found so far
12:20 Viewing DNS queries
13:45 Leveraging tags to speed up analysis
15:58 Process details
16:08 Config extraction – XOR encrypted URLs
16:55 Summarizing IOCs
17:52 Process graph
18:25 Enhancing understanding with previous reporting