VBScript & ILSpy Analysis of a RAT

No body’s seen the video yet, but 13 people have already liked it. I think this goes to show that people (including myself) LOVE these malware analysis videos

Alternative Name:
John from the future getting annoyed by his past self doing stupid stuff

For you this video might me "amateurish" but for me it's
1. entertaining
2. i can learn from your mistakes
3. it helps me even more to understand what you do
👍 from me

This is rad learning with jokes lol! You're awesome John please keep em coming!

john gotta admit I don't mind seeing the mess ups, its very organic and wholesome I appreciates it

I think the revenge rat used here is a fixed version that's open-source on github by a person named NYAN-x-CAT which showed up in the config.

mr john yet another malware analysis?! it is indeed an auspicious week for us all. seriously these make my day so much better, thank you for doing what you do!

keep it up John, really like all your malware analysis videos

Ah yes , i like to call my Object variables by the names , vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvnnnnnnnnnnnnnnnn , and my String primitives, qaaaaaaaaaaaaaaaaazzzz..

I had to watch the whole video when I saw 5:45
Also Hackthebox T-Shirt

“hey what’s up” I love how this feels like I’m just talking to a normal being, not just some TH-camr

Another great video even if i am late to watch it. I enjoy decoding viruses etc and writing fixes. I am currently re writing my happy99 virus fix. I coded it back in 90's. Needs an upgrade.

Dont worry if IPs and ports dont match up to reporting, its very common to have actors jump to new IPs or be booted by the VPS provider

You are a very underrated youtuber you deserve better to be honest. Im new to your channel and I love your content that I subed for more I have no experience in hacking but I know a lot about computer both software hardware and some networking.
Keep up the good work 👏 👍

Future John getting frustrated by his past self is my new spirit animal xD

god damn man your are my fav person right now thank you for being here. was that evillimeter tool a vuln or im i just a idiot? love ya man have a great day.

"MATH IS HARD" :) **Agreed**

Love these kinds of videos :)

He looks like a senior dev looking at the code provided by the junior dev 😅

It was a interesting video as always. I like these decoding stuff. What caught my eye was at @53:13 Set objFSO = CreateObject("... Next line set objFSO = Nothing That was funny :)

'John from the future' bit got me, thank you John

Creating some in GO while watching this, lets goo.

Thank you brother amarphal always love dance santa

Hey John, Sometimes when you see that 'Client.exe', that might means that it could be some kind of RAT (talking based on experience). When I saw that ILSpy gave it to you as Lime, I was pretty sure it was Lime Rat. You have its source code on GH !
Also I do not think that with ILSpy you could do some refactor, but definitely you can with dnSpy. I suggest you to swith over a Windows VM when doing some .NET analysis, it'll get you life easier

I love this series ! Looking forward for more ;)

These videos are great, keep them coming! :D

John sounding like Olivander in Harry Potter. "After all, insert-virus-name-here does great things. Terrible! Yes. But great."

these vids are so fun and educational

"Heavly edited" : Three jump cuts lololol

I enjoy these and I've absolutely no idea why 🤷🏼‍♂️

Coool stuff. Ahmed

For those who don't know Hwy 75 that runs through Dallas all they way through plano and Richardson and beyond is just chock full of high tech companies. I miss the drive at night, i don't miss the fucking 110 F days.

Mavis Beacon Teaches Typing

Arab hackers: A group of hacker children who depend most of their concept RAT While do not realize what are the foundations of the penetration "I mean the majority "

Keep up the great work love these videos

John from the future bullies present John for 1 hour straight.

Dude, that is the funniest intro you've done yet lol

omfg, I love this edit ... btw john u edit in Linux?

Gidra assembly code in the bic checking.

Dallas has a few data centres, I'd expect the IPs to be there as that's where they were running the RAT (Remote Access Tool) controller / CnC (Command and Control) server from there

They ran the C# DLL through an obfuscator. Trying to decipher obfuscated code is not a trivial task.

your videos have gotten SO FREAKING GOOD which is hard to imagine because i have loved them since the python tutorials.

John From the Future is my spirit animal

dallas needs an intervention

Dude... this guy is sick kkkkkkk I love your videos

John what ssh client do you use and open a new shell and so forth I really love it fotgot -
got what you said with Thanks alot!

37:19 Cover you ears, kids

POV: you're in the comments to see if world of hacker replied to the video with "thanks for the shoutout!"

Hahaha i like John from future and his comments 🤣🤣🤣🤣🤣🤣

Where do you get these samples from John? I’d love to do some of this myself!

Hi john, i speak arabic n stuff this guy's content are nothing more than skiddie stuff? in fact 99% of the "arabic hacking" videos on youtube are just a bunch of script kiddies being utra cringe. the page you saw on facebook is not a marketplace it just for his "tutorials" cringy kind of sutff, i even doubt he's behind the vbscript's, those guys really thinks once they learned how to setup kali virtual machines they become "hacking masters" or somethin 🤣, nice video and please do not take those guy's seriously in anything🤣🤣

Damn, this is way above my level lol

Hilarious 20 20 retrospective

C# code... and it's not the engine behind a chess game that code there covers!

hey, it's fun to see your vids. could you please also share the samples?

Hackers from Texas? Yeeehaaaackers?

I see you have the Huntress shirt too. You can use -o with curl to download. John is about to get DMCA'd by these hackers PepeLaugh

Server is victim in the world of rat. Client is attacker on the norm

Best dud

Excellent video man, if you can share the sample, would be great.

I am by no means a ethical hacker or someone who is into malware analysis i am more of a web developer than anything but isn't this dangerous even in a virtual machine?

Update that ip is a vpn in tex by nord i think

me doing code review on my company

Here's a funny problem to consider, who gets more value out of .Net code obfuscating itself at build time, good guys or bad guys? Have we made life harder on ourselves?

if it makes you feel better John. im not one of those people who notice anything wrong that you do. im a noob :)

I would not mind an entire video of you looking through Legend of Zelda lore/artwork. also great videeo as usual!

Math actually is hard yo

Count numbers also explain anonymous details skillsonics tell me
Tufan gentleman songs

i am cse student and i feel like oh god there is no way i can write this stuffs. (i want to mention the hardness of these stuff not the hacking part)

Damn how did you git this crypter

ho ho ho, time to malware :D

Where do you usually find the malware?

Hey John! where do you find these?

John isn't excited like every video.
Are you ok?

i was here before you could even watch it

Bytes gising

What career position would I search for to do something like this?

Pasta explain mex ing pag

if(false)... hacker, dude... what the hell?

hahahahahahaha loving the energy of this vid

Wsh rat is malviya

Hey peeps

مجموعة ‏عالم الاختراق World Of hacker

You won't understand because he is talking Arabic btw I'm Egyptian

'those people.' knew someone so ligght couldn't not be a(n?) f-ing razist

is vb script used for anything other than viruses? why is it still a thing? tbh I loved vb6 and earlier, way back in the day, but in the real world, is it used for anything other than viruses? I really don't know, haven't touched winblows in so long. the whole os is a virus.

Hi

Wework other persons we want coming in my father was you want you are explain per you tell me

Sorry. But whenever you said VBScript, I would be intrigued.

im the 1.5k like LOL

Mal Ware 😅

Did i make it in time for a like?

Uhm.. You have a dog and haven introduced us yet? Disappointed

Rat ox3456 bajot work
Code file's" c++"0xnumber

John, I LOVE all these cuts "from the future", they're hilarious xD

ok the 3min 50s self flame is freaking awesome. absolutely love the humor ! Keep it going man. Just the second video i watch from you but can already tell i'll probably watch some more for the personality alone

The banner at 38:47 says "encrypt(ing?) all servers the rat clean"
so you were probably in the right place

I bet ya that Mr Ahmed is from Eygpt cause that background is almost like Egyptian way of piracy and hacking stuff 😅😅

por favor faz mes que to tentando...> executar o emulador do ( ps1 duckstation ) com um comando bat para iniciar a iso do jogo sem abrir o emulador ou seja iniciar automaticamente com um click no comando .bat?

I want patient situation I am not sell controlling sorry sorry sorry sorry sorry sorry 🤖 sorry