In this video, we dynamically analyze the Linux Black Basta ransomware family. We use strace to determine the required directories and trigger both the encryption and decryption behavior.

---

Timestamps:
00:00 Intro
00:44 Analysis Environment
02:13 Starting Dynamic Analysis
03:19 Decryptors
04:26 Triggering Encryptor
06:21 Strace
08:00 VMware ESXi
09:39 VMFS Test
12:30 Ransom Note
15:07 Strace Encryptor Output
15:50 Multithreading
17:48 Triggering Decryptor
19:38 Dumped key?
20:58 Decryptor Round 2
22:58 Successful Decryption!
23:27 Recap

---

Software Links Mentioned in Video:
strace manpage:

---

Malware Examined in the video (BlackBasta):
Decryptor: sha256:96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
Encryptor: sha256:0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef

---

laurieWIRED Twitter:
laurieWIRED Website:
laurieWIRED Github:
laurieWIRED HN:
laurieWIRED Reddit:











