Is THIS a VIRUS? Finding a Remcos RAT - Malware Analysis 

"This is just 75 lines of code" *Half hour later* "201 thousand characters selected"

Love this malware analysis series!

Ngl, never thought it would be so much fun watching someone analyse and breakdown a virus.

Damn that was fun to watch!! Thanks and keep them coming!!!!!!

The REMCOS developer "discourages malicious use". For sure, everyone will use solely for legitimate purposes.

I love how they went through six stages of obsfuscation, and a lot of effort into hiding what they were doing.... but their payload was literally called "Attack.jpg" like surely they could have named it something at least slightly less blatant.

Times must be hard, Ed Sheeran is writing python.

I love when John is laughing over the Attack.jpg url

Content like this is why I don't have to pay for cable, satellite, or netflix!

Scheduling this to start at the same time as the new mars rover is landing... Bold move cotton, let's see how it works out

So far this is the most fun I've had watching hacking videos. Your analysis is fantastic and I enjoy seeing your process. Keep it up!

This style of video really helps me with my start in forensics and malware analysis. I love liveoverflow and other CTF summary channels but they often feel like magic in the way they present their findings. Keep up the great work :3

the evolving of rat is so amazing, i remember in late 90's where sub7, netbus and back orifice was so popular and inspired me into hacking. IRC was the channel to go to before and dial up is your connection.

After watching this, gained a keen interest in Malware Analysis. Thanks for the awesome content.

This is one of the best educational videos i've seen

John, as you are very good, you should stand this comment: In Powershell a "split (..)" is a regular expression splitten in string in portione of two characters, ie "4142" becomes "41", "42", in Hex AB

I've taken apart stuff like this (when I worked in large enterprise) but the samples were rarely more than 3-4 levels deep. This actually looks a lot more like a challenge you'd get at a CTF competition _(perhaps they're getting ideas from each other)_ ?

You need I high level of nerdiness to find this entertaining. Proof: I find highly entertaining! Love this.

Whatever that quality is that great teachers have, you have it. Never change the format of your videos. I love seeing you troubleshoot and reason through everything live.

Amazing work, you deserve the money from the RU-vid overlords. Literally only commented to help boost those algos.

Pretty sure you need to run the obfuscated version of the AMSI bypass. Great video, would love to see more of these!

I'm just finding this channel and its quickly becoming my favorite content. Im fascinated with all of this. Really inspires me to get started with basic coding to get my feet wet.

I love John’s response when the light bulb goes off and all the hard work comes together. Great video as always.

Where have you been all my CS degree? This is awesome watching this stuff in action as you do it. I love the content! Definitely going to keep watching!

Loving this series. Would like to see some disassembling malware analysis.

That was freaking wild, man. You're sharp at this stuff

Dude you are simply awesome...it's so enriching for all of your viewers to see your hard work and all your skills, and the best of all is that we can see you enjoying so we enjoy and learn too. Regards from Spain!

i missed the premiere, but this is definitely a blast to watch. Would love to see this more

Great video, I love this series. Also special thanks for zooming in this much, watching code-related stuff on phone is usually a pain, but not in your case. Keep up the good work!

that url has to be the greatest thing ive ever seen

Nobody: Virus Code: * Does malicious stuff* John: Is it trying to do something bad? HAHAHA Us: Duhhh John. wtf

"is this the newest version? because that would be pretty slick" *immediately scrolls past the version number 3.1.0 showing it is the latest version*

Hands down one of the best malware analysis walkthroughs I’ve seen. Watched it twice.

In the next episode... John rewrites the kernel for more efficient find and replace..... STONKS!

this is gonna be good

"Can I get anything out of Melons?" You can get juice, John. Juice.

Plottwist: this is all just an advertisement for BreakingSecurity

Algorithm, give this man the recs.

The guy that wrote the script watching this video rn must be like 👁️👄👁️

Well worth the watch. This is a great video. Please do more. :)

I was watching some scam baiting videos and also doing some deep dives into RATs and just... CyberSec/CompSci things in general and found this video. I'm glad I bumped into your channel. Really good stuff you have going on here

Damn, I just watched over an hour of stuff I have no clue of and I still feel educated and entertained. It even kinda makes sense, when you talk about it and explain some stuff. Thank you very much! :)

"guys, you might think i'm dumb" LOL exact opposite.

you got my sub for this. its 3am in the morning and I've watched the entire thing having so much fun. keep on with the good stuff

every single line "I don't exactly know what is going on here" so basically this guy is just us trying to understand code. got it.

That was epic dude! Felt like a real rollercoaster. I can't believe you got to them within 24 hours of release. So nuts.

THOSE DOWNVOTES....GTFO...this dude is a legend

What a great catch! This is by far the most interesting video I've watched on RU-vid for a very long time. I love this of unedited video.

John: releases a video with malware analysis Me after watching a video: *Lemme check real quick whether notepad.exe is running in the background or not in Task Manager*

Wow, that was a crazy ride! Thanks for taking us on the journey.

so where did you get the jscript if it was only released so recently...

Brilliant. You make malware reversing so fun to watch.

59:31 No. That's the noun "licence" as opposed to the verb "license". It's a British thing.

This was so fun to watch. The sketchy url was very funny, fitting pun on with the ‘holy cow’

Attack.jpg, that was hilarious

Always learn something new watching your content!

That's a rabbit hole if I've ever seen one haha great stuff man!

Man i'm brazillian, and i love all of this videos, but this... mannn to amazing !! Continue delivery this content to us, i apreciate this

Please mahn ... we need more malware analysis like this!! ... and also ... C source code analysis (something like that)

Loved the video! Can you share where or how you are picking your samples to analyze? In addition, for future videos can you post the hashes so if we want to follow along we have the option?

I have basically no connection to it-sec, but this stuff is addictive ... love the videos

Please more Malware Analysis videos. So much fun to watch.

Where do you get such fresh samples? That hash isn't even on VT yet.

Did i just watch AN HOUR of malware analysis? Dude, you're awesome!

"I don't like these advertisements..." "You didn't see this here folks!" "Not in a John Hammond video!"

You know so much about so many things... I've learned so many things in the few videos I've watched so far. Super, super inspiring.

The Title is like Asking if water is wet LOL

I love these malware analysis videos. You break stuff down to a fairly easy to understand level for most technical people. I'm just getting into cyber security and I'm really enjoying your content, thank you.

Remcos: "We specialize in ethical hacking" Also Remcos: *is used in malicious code*

Really interesting video, thanks !! I'm impressed at the obfuscation job done on this malware it's impressive

I have no idea what I'm watching but I'm enjoying it :)

I binge your videos every day all day at work. Gets me through the day and I learn some new/cool stuff.

Amazing stuff. Learned a lot from this video. I have a question: how did you come across this script? Did someone give it to you? Anything like that? Loving these malware analysis videos, John. Keep 'em coming!

From beginner hand-holding on picoCTF to obfuscating obfuscated obfuscation LOL. This channel has it all, thanks for the great content!

I just want to know how it’s humanly possible to obtain the level of programming and CS knowledge needed to be capable of doing what he does in this video

Totally enjoyed the video. It was an absolute rollercoaster ride. I love the way you present and explain the details in all your videos. And also none of your videos ever seem to be monotonous even when we are dealing with such mind boggling stuff because of the way you laugh and get excited when you crack/deobfuscate a piece of code. 😁 Thank you so much for taking the effort and sharing the awesome work😊

I honestly never appreciated Search and Replace until today. Everything is so clear now! 19:35 One learns more every day 33:44 What the hell this is hilarious 44:00 I hope you saved 56:13 I judt read a Online Keylogger Started so I guess yes 1:01:52 Oh so test hacks? Was this retrofitted to be malicious or you just were smart? 1:03:08 Imagine if Jim's Scammers used this crap. My god 1:10:00 Fresh off the oven and unobfudcated

Awesome work buddy !!! watching your videos while at work coding my self ... thanks for the vids

BTW... next thing. Do remcos guide, analysis and stuff

You make easy to understand videos as you break things down. i really enjoy them. I have a vague understanding of coding and the way you work is easy to follow.

That was more than a safari ride! It's awsm

59:06 love how scrolls past when looking at string in the executable "Offline Keylogger Started" "Online Keylogger Started" "Online Keylogger Stopped" "Offline Keylogger Stopped" Yes John sees the key strokes and is like, "is this doing keylogging?"

Next video Stuxnet analysis :D

That was a great video. I don't know a whole lot about what you do, but it was super fun watching you do it. Thanks so much!

was great :)

John - This is great content. I really am learning a lot watching you work these out. Keep it up! The masses demand more of this!

1:07:15 coronavirus was around at that time, it started spreading as soon as 17 dec. in china, possibly even sooner

Hey john can you put a link to download these malwares to try to analyze it our selfs btw perfect vidoe❤️

Waiting for it :)

You can also Ctrl+Scroll Wheel to zoom into notepad Edit: I watched the whole thing and I really had fun, really interesting and high quality Your circlular camera mask and your energy break reminded me of networkchuck and his coffee break xD You got a new subscriber :)

Legend

Watched the whole thing from start to finish - loved it! Make more!

Have you ever tried something with LUA before and i might be able to give you an interesting file!

Just watched this now, been on my watch list for a while. Great Video.

comment for youtube algo :)

As a prospective sw engineer, at ~54:00 that obfuscated spaghetti mess made me never want to be a malware analyst 🤣😂🤣 glad to have people with your mettle in this world

Now I got my GF *_There he is_*

I knew exactly what it was a few minutes of you scrolling few the strings!!! I feel proud! And thank you for making this video, I learned a lot.

Enjoying the malware analysis videos. Very informative.

Keep on doing those Malware Analysis. It's really fun to watch and it's quite educative too!