Dynamically Analyzing Linux Black Basta Ransomware

In this video, we dynamically analyze the Linux Black Basta ransomware family. We use strace to determine the required directories and trigger both the encryption and decryption behavior.

---

Timestamps:
00:00 Intro
00:44 Analysis Environment
02:13 Starting Dynamic Analysis
03:19 Decryptors
04:26 Triggering Encryptor
06:21 Strace
08:00 VMWare ESXi
09:39 VMFS Test
12:30 Ransom Note
15:07 Strace Encryptor Output
15:50 Multithreading
17:48 Triggering Decryptor
19:38 Dumped key?
20:58 Decryptor Round 2
22:58 Successful Decryption!
23:27 Recap

---

Software Links Mentioned in Video:
strace manpage:

---
Malware Examined in the video (BlackBasta):

Decryptor:
sha256:96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be

Encryptor:
sha256:0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef

---
laurieWIRED Twitter:

laurieWIRED Website:

laurieWIRED Github:

laurieWIRED HN:

laurieWIRED Reddit:
Comments

This must be one of the most underrated channels on YT.

lkron

I absolutely love this format. The "window" switching is really cool.

miguelmahecha

you're so fricken cool, love the editing every time. best youtuber

rabbirt

Thank you! Your knowledge is truly beautiful; it helps me be more efficient in my work as a fintech developer engineer.

angelalopez

The fact that you can analyze, decipher, plan ahead and slow yourself down for us, in order to perform this perfectly clear pedagogic explanation, all at once, is kinda impressive.

samrichardson

Thanks for uploading. I'm learning a lot of cool stuff from the channel. Haven't seen all the videos, but thank the algorithm for recommending this channel.

randommoosebrains

The analysis container is *exactly* what I've been looking for! Thank you! 🤘

tkondoff

I'm kinda binge watching your videos today and, from all the references I've seen, I'm so happy The Wired (wired-o lol) wasn't just something I was trying to imagine out of nowhere. ❤ SEL, and your content. I'm hooked!

isaacpardo

Great job Laurie! I love how strace can show so much. In a CTF I wrote in x86 Assembler, I worked to hide all of the traces but few ever go to such lengths.

mytechnotalent

This was a great watch, really interesting stuff. Thank you for creating this

QLPJosh

Kudos to the amount of work you put into the production! The MacOS/WinXP crossover made me laugh, and love to the Corgi :)
Also, you have a really calm and structured way of teaching. 👌

MaZderMind

Thanks for these videos. They have really got me interested in malware analysis.

kumarprateek

Excellent video, thank you for this content

math

typical Linux experience: you even have to troubleshoot malware and actually try hard to get it working

szymoniak

I love your videos! I learn so much!! Thank you

IsaiahG-emin

I started my reverse engineering career as a teen in the late 80s, mostly cracking games and hunting malware on MS-DOS. Glad to see the next generation going strong at it!

ismiregalichkochdasjetztso

awesome and way above my head! ::Swoosh::

afkbender

This woman has great style :-) and it's so cool how she explains stuff. Thanks

mojed

"Present Day, Present Time -- Copland OS"

peterweston

Ok, you had me at the Lain intro lol, subscribed

kikomartinez