Analyzing the FBI's Qakbot Takedown Code (Malware Analysis & Reverse Engineering)

🚀 Build real confidence analyzing malware. Join the waitlist. 🚀 https://go.themalwarelab.co/join
📄 Get my malware analysis template 📄 https://go.themalwarelab.co/get-template

🎥 Video Description 🎥
In this video, we analyze the FBI's Qakbot takedown code using malware analysis techniques.

⏱️ Timestamps ⏱️
0:00 - Intro
1:21 - Shellcode analysis with Malcat
7:23 - Identify functionality with Mandiant's capa
10:41 - Analyze shellcode with Ghidra
15:35 - Debug shellcode with runsc
19:40 - Review decoded executable with PEStudio
21:07 - Code analysis to confirm how Qakbot is terminated (warning: screen flickers here for a few seconds due to a recording error)

😈 Sample: https://github.com/as0ni/youtube-file...
🔑 Password: infected
Unzipped SHA-256: 7cdee5a583eacf24b1f142413aabb4e556ccf4ef3a4764ad084c1526cc90e117
Description: FBI Qakbot Takedown Code

🛠️ Tools 🛠️
Malcat: https://malcat.fr/
Ghidra: https://ghidra-sre.org/
Capa: https://github.com/mandiant/capa
Capa Rules: https://github.com/mandiant/capa-rules
Speakeasy: https://github.com/mandiant/speakeasy
x64dbg: https://x64dbg.com/
Runsc: https://github.com/edygert/runsc

📞 Follow Anuj on LinkedIn: / sonianuj
