Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra
Part 2 is out! https://www.youtube.com/watch?v=Q90uZS3taG0
In this first video of the "Reversing WannaCry" series we will look at the infamous killswitch and the installation and unpacking procedure of WannaCry.
The sample can be found here: https://www.ghidra.ninja/posts/03-wannacry-1/
Twitter: https://twitter.com/ghidraninja
Links:
- Interview with MalwareTech: https://soundcloud.com/arrow-bandwidth/s3-episode-11-wannacry-interview-with-malware-tech-at-infosec-europe-2017
- MalwareTech's blog post about the killswitch: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
Further reading:
- Wikipedia: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
- LogRhythm Analysis: https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/
- Secureworks Analysis: https://www.secureworks.com/research/wcry-ransomware-analysis