Analyzing Ransomware - Completing a FULL Analysis
In this video, we complete a FULL analysis of a single ransomware - from reversing the keygen, to discovering the encryption algorithm, and figuring out the file format of encrypted files.
*Note: In the video I mention I thought the 1 byte written is a checksum of the filesize; I actually just realized it is the number of padding bytes added to the last block, so the ransomware can remove that many bytes after decrypting. It's basically using ANSI X9.23 padding.
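The padding scheme described in the note above, as an added Python example (this is not code from the video, from CryptoTester, or from the ransomware itself): standard in-band ANSI X9.23 padding, where the last byte of the last block holds the pad length and the filler is zero, alongside the variant the note describes, where the pad count is written as a single separate byte and the decrypter truncates that many bytes after decrypting. The 16-byte block size, the out-of-band layout and the function names are assumptions for illustration only; the checks on the count byte are the ones a decrypter should perform before trusting it.

```python
from __future__ import annotations

# Assumption for illustration: 16-byte blocks (the note does not state the cipher block size).
BLOCK_SIZE = 16


def x923_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Standard ANSI X9.23: append zero filler bytes, then one byte holding the
    total pad length. At least one byte is always added, so an already aligned
    input receives a full block of padding; that keeps unpadding unambiguous."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255")
    pad_len = block_size - (len(data) % block_size)
    return data + b"\x00" * (pad_len - 1) + bytes([pad_len])


def x923_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strict inverse of x923_pad: rejects non-aligned input, an out-of-range
    length byte, and non-zero filler (a sign of a wrong key or a corrupted file)."""
    if not padded or len(padded) % block_size:
        raise ValueError("input is not a whole number of blocks")
    pad_len = padded[-1]
    if not 1 <= pad_len <= block_size:
        raise ValueError(f"pad length byte {pad_len} is outside 1..{block_size}")
    if any(padded[-pad_len:-1]):
        raise ValueError("filler bytes must be zero")
    return padded[:-pad_len]


def pad_out_of_band(data: bytes, block_size: int = BLOCK_SIZE) -> tuple[bytes, int]:
    """Variant matching the note: zero-fill the last block and return the pad
    count separately, to be stored as one byte in the encrypted file instead of
    inside the last block (assumed layout, not taken from the sample). Because the
    count travels separately, an aligned input needs no extra block and gets 0."""
    pad_len = (-len(data)) % block_size
    return data + b"\x00" * pad_len, pad_len


def unpad_out_of_band(decrypted: bytes, pad_count: int, block_size: int = BLOCK_SIZE) -> bytes:
    """What a decrypter does after decrypting every block: drop pad_count bytes
    from the end. The stored byte is attacker- or corruption-controlled data, so
    it is range-checked first, and the bytes it removes must be zero filler."""
    if not 0 <= pad_count < block_size:
        raise ValueError(f"stored pad count {pad_count} is impossible for {block_size}-byte blocks")
    if len(decrypted) % block_size:
        raise ValueError("decrypted data is not a whole number of blocks")
    if pad_count and any(decrypted[-pad_count:]):
        raise ValueError("removed bytes are not zero filler; wrong key or corrupted file?")
    return decrypted[: len(decrypted) - pad_count]


if __name__ == "__main__":
    # Constructed sample input.
    original = b"hello"
    padded, count = pad_out_of_band(original)
    print(f"{len(original)} bytes -> {len(padded)} bytes, stored pad byte = {count}")
    print(unpad_out_of_band(padded, count) == original)
    print(x923_unpad(x923_pad(original)) == original)
```

The difference between the two forms matters when writing a decrypter: with in-band X9.23 the count lives in the last plaintext block and an aligned file grows by a full block, whereas with the count stored separately an aligned file does not grow at all and the stored byte can legitimately be 0.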
Sample: https://www.hybrid-analysis.com/sample/9a4f0f3240a84efb9df9a66284da70079cbce648c1e415d34b9d1491016b80fb/5c5e55b77ca3e115264fcf43
VirtualBox: https://www.virtualbox.org/
DIE: https://ntinfo.biz/
PeID: https://www.aldeid.com/wiki/PEiD
IDA Free: https://www.hex-rays.com/
x64dbg: https://x64dbg.com/
CryptoTester: https://download.bleepingcomputer.com/demonslay335/CryptoTester.zip
More information on the ransomware analyzed: https://twitter.com/demonslay335/status/1093226825772384257
Video "Analyzing Ransomware - Completing a FULL Analysis" from the channel Michael Gillespie