IRC Botnet Reverse Engineering Part 3 - How To Sinkhole A Botnet
This is the final part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we perform a final high-level analysis of the malware, then use our analysis to build a sinkhole for the botnet!

-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU

OALABS PATREON
https://www.patreon.com/oalabs

OALABS TIP JAR
https://ko-fi.com/oalabs

OALABS GITHUB
https://github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----

Automated Malware Unpacking
https://www.unpac.me/

IRC Botnet Reverse Engineering Part 1
https://www.youtube.com/watch?v=JPvcLLYR0tE

IRC Botnet Reverse Engineering Part 2
https://youtu.be/LtgLa1n9EzE

Unpacked binary (malshare)
https://malshare.com/sample.php?action=detail&hash=51e49a9ca65fac6e43827738f90bc475
SHA256 hash: 4eb33ce768def8f7db79ef935aabf1c712f78974237e96889e1be3ced0d7e619

MalwareAnalysisForHedgehogs - Network Worm Basics
https://youtu.be/LxajkPFJsIo

ShadowServer Foundation
https://www.shadowserver.org/

Fakenet-NG
https://github.com/fireeye/flare-fakenet-ng

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at https://www.openanalysis.net

#Botnet #MalwareAnalysis #Sinkhole