Рет қаралды 17,334
In this video, we dynamically analyze the Linux Black Basta ransomware family. We use strace to determine the required directories and trigger both the encryption and decryption behavior.
---
Timestamps:
00:00 Intro
00:44 Analysis Enviroment
02:13 Starting Dynamic Analysis
03:19 Decryptors
04:26 Trigging Encryptor
06:21 Strace
08:00 VMWare ESXi
09:39 VMFS Test
12:30 Ransom Note
15:07 Strace Encryptor Output
15:50 Multithreading
17:48 Triggering Decryptor
19:38 Dumped key?
20:58 Decryptor Round 2
22:58 Successful Decryption!
23:27 Recap
---
Software Links Mentioned in Video:
strace manpage:
www.man7.org/linux/man-pages/...
---
Malware Examined in the video (BlackBasta):
Decryptor:
sha256:96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
Encryptor:
sha256:0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef
---
laurieWIRED Twitter:
/ lauriewired
laurieWIRED Website:
lauriewired.com
laurieWIRED Github:
github.com/LaurieWired
laurieWIRED HN:
news.ycombinator.com/user?id=...
laurieWIRED Reddit:
/ lauriewired