Published on March 27th, 2019
Reversing WannaCry Part 1 – Finding the killswitch and unpacking the malware in #Ghidra
In this first video of the "Reversing WannaCry" series we will look at the infamous killswitch and the installation and unpacking procedure of WannaCry.
The sample can be found here: https://www.ghidra.ninja/posts/03-wannacry-1/
Twitter: https://twitter.com/ghidraninja
Links:
- Interview with MalwareTech: https://soundcloud.com/arrow-bandwidth/s3-episode-11-wannacry-interview-with-malware-tech-at-infosec-europe-2017
- MalwareTech's blogpost about the killswitch: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
Further reading:
- Wikipedia: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
- LogRhythm Analysis: https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/
- Secureworks Analysis: https://www.secureworks.com/research/wcry-ransomware-analysis
2019-03-27 16:17:38