How To Quickly Unpack Qbot Loader Malware
View our malware analysis training: https://AGDCservices.com/training/
Follow me on Twitter for RE tips and resources: https://twitter.com/AGDCservices
View our malware analysis products to aid in your RE efforts (Ghidra / Python scripts, tools, and individual analysis results): https://github.com/agdcservices
Get resources to help with learning malware analysis: https://agdcservices.com/blog/resources-for-learning-malware-analysis/

Qbot is a common banking malware that is almost always packed. You’ll need to unpack the loader to bypass its anti-debugging tricks, perform a full analysis, and extract the encrypted configuration data. This video demonstrates a quick trick to correctly unpack the loader, and finishes with a walkthrough of the unpacking stub to highlight the main points so you understand why the trick works.

Download the malware samples at https://malshare.com to review in your own analysis lab (SHA-256):
Sample 1 Packed: 112a64190b9a0f356880eebf05e195f4c16407032bf89fa843fd136da6f5d515
Sample 1 Unpacked Loader: f5ff6dbf5206cc2db098b41f5af14303f6dc43e36c5ec02604a50d5cfecf4790
Sample 2 Packed: 1042f400ed776bc5d2c68becb386fb2ef3116417f96a67c14e8ca5b421ae7bc9

#ReverseEngineering #MalwareAnalysis #SRE #RE #Ghidra #Unpacking #QBot #Quakbot #Malware #x64dbg