COVID19 Malware - Getting Closer To The Bad Guys


Here I showcase an interesting #COVID19-themed malware sample: it tricks users into thinking it just displays a map of COVID19 infections, but actually steals a large number of credentials from the underlying machine.

I took this opportunity to showcase some basic reconnaissance techniques you can use to analyse C2 infrastructure, get more out of your Indicators of Compromise, and get up close and personal with the bad guys.

In this instance, we find the bad guys' real username and also their real IP address. #OpSecFail

Tools Used in the Video:
Burp: https://portswigger.net/burp
ProcMon: https://docs.microsoft.com/en-us/sysi...
Assetfinder: https://github.com/tomnomnom/assetfinder
Dirsearch: https://github.com/maurosoria/dirsearch
SecLists: https://github.com/danielmiessler/Sec...

Malware Details / Related Blogs:
https://exchange.xforce.ibmcloud.com/...
https://blog.reasonsecurity.com/2020/...
https://www.virustotal.com/gui/file/2...

SHA-256: 2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307

If you liked the video, hit the thumbs up. If you loved it, please subscribe.

Find Me:
https://twitter.com/cybercdh
https://colin.guru

I really appreciate comments and feedback, so hit me up below.

Thanks!

Colin

Reviewed by Anonymous on March 12, 2020