#MalwareAnalysis #IDAPro #Ransomware

IDA Pro Automated String Decryption For REvil Ransomware

2,248 views

Published on Jan 26, 2020

Use IDA Pro and Python to automatically decrypt the RC4 strings in REvil (Sodinokibi) ransomware.


Try our free automated malware unpacking service!
https://www.unpac.me

REvil build imports with IDA Pro:
https://www.youtube.com/watch?v=R4xJo...

Identifying RC4 encryption in malware:
https://www.youtube.com/watch?v=CiJoc...

Clean unpacked REvil sample:
5f56d5748940e4039053f85978074bde16d64bd5ba97f6f0026ba8172cb29e93
https://malshare.com/sample.php?actio...

IDA helper functions script (gist):
https://gist.github.com/OALabs/04ef6b...

IDA 7.xx API backward compatibility with 6.xx:
https://www.hex-rays.com/products/ida...

Best IDA scripting book ever!!! (pay-what-you-can)
https://leanpub.com/IDAPython-Book

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at https://www.openanalysis.net
