Malware Analysis - Gootkit Decryption with Python

  • Published on 10 Mar 2021
  • In this video we take a look at how to go about replicating custom algorithms found in malware, or even in legitimate software. Nowadays it is extremely common to find malware authors rolling their own crypto algorithms, either for encryption or decryption. As a result, you might have to write your own script to automate encryption or decryption of data, which opens several doors, such as writing automated config extractors. In this case, we look at a simple custom string decryption algorithm used by Gootkit and replicate this decryption routine in Python.
    Zero2Auto Sitewide 10% Off Coupon Code = "GUIDEDHACKING"
    courses.zero2auto.com/?coupon...
    ^Automatically applied with the link above^
    Time Stamps:
    02:46 Unpacking Gootkit
    12:01 Static Analysis
    24:50 Dynamic Analysis
    30:59 Replicating the Algorithm
    Discussion: guidedhacking.com/threads/mal...
    Donate on our Forum : bit.ly/2HkOco9
    file hash: cbdaba88959dd21dc6605f8eda642f18
    Gootkit is a banking trojan that has been around since 2014 but became somewhat famous in 2019; its purpose is to steal online banking credentials. When a new version of Gootkit was identified in 2019, it was using an interesting Windows Defender bypass: whitelisting its own path via WMIC commands. The Gootkit banking trojan also used a UAC bypass via the DelegateExecute registry key and fodhelper.exe. There appear to be a few variants of it; each article I have found describes them a bit differently.
    Malware analysis is the process of using disassemblers to statically analyze malware samples along with debuggers to analyze them at runtime. With these combined methods it is possible to reverse engineer a piece of malware and identify its methods of distribution, compromise, privilege escalation and persistence. With this information, security professionals can effectively detect and combat these threats worldwide. If you enjoy reverse engineering, a career in malware analysis might be for you.
    This malware analysis tutorial will walk you through the process of unpacking the Gootkit banking trojan. This is not a beginner tutorial; you will want some experience with reverse engineering to really enjoy this video. You will learn how to perform static analysis with the free version of IDA Pro, perform dynamic analysis with x64dbg, and do these side by side to identify the string encryption algorithm. Once the encryption algorithm is found, we identify it as a simple XOR cipher and write a short Python script to automate the decryption of this banking trojan's encrypted strings.
    -=GuidedHacking=-
    Donate on our Forum : bit.ly/2HkOco9
    Support us on Patreon : bit.ly/38mnveC
    Follow us on Facebook : bit.ly/2vvHfhk
    Follow us on Twitter : bit.ly/3bC7J1i
    Follow us on Twitch : bit.ly/39ywOZ2
    Follow us on Reddit : bit.ly/3bvOB57
    Follow us on GitHub : bit.ly/2HoNXIS
    Follow us on Instagram : bit.ly/2SoDOlu
    #MalwareAnalysis #Python #Gootkit
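    The description above ends with the idea of replicating a simple XOR string cipher in Python and automating decryption of a sample's string table. The script below is an added example of that workflow, not code from the video or from Gootkit: the 3-byte repeating key and the length-prefixed table layout are constructed for the demo and stand in for whatever layout the disassembly actually reveals, and the printable-ASCII check is the usual sanity test for a wrong key or wrong offset.

```python
"""Added example: automate a repeating-key XOR string decryptor in Python.
The key and the table layout are constructed, not Gootkit's real ones."""
from typing import List, Optional


def xor_decrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: byte i is XORed with key[i % len(key)].
    XOR is symmetric, so the same function also encrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def is_printable_ascii(s: bytes) -> bool:
    return all(0x20 <= c < 0x7F for c in s)


def decrypt_string_table(blob: bytes, key: bytes) -> List[Optional[str]]:
    """Walk a constructed string table: each entry is a 2-byte little-endian
    length followed by that many ciphertext bytes. Entries that do not decrypt
    to printable ASCII come back as None, which is how a wrong key, a wrong
    offset, or a non-string entry shows up when automating extraction."""
    out: List[Optional[str]] = []
    pos = 0
    while pos + 2 <= len(blob):
        n = int.from_bytes(blob[pos:pos + 2], "little")
        pos += 2
        chunk = blob[pos:pos + n]
        pos += n
        if len(chunk) != n:          # truncated final entry: stop cleanly
            break
        plain = xor_decrypt(chunk, key)
        out.append(plain.decode("ascii") if is_printable_ascii(plain) else None)
    return out


def build_table(strings: List[str], key: bytes) -> bytes:
    """Constructed helper that produces sample input in the layout above."""
    blob = b""
    for s in strings:
        enc = xor_decrypt(s.encode("ascii"), key)
        blob += len(enc).to_bytes(2, "little") + enc
    return blob


KEY = b"\x37\xc1\x5a"  # constructed key, not from any real sample
SAMPLE_STRINGS = ["kernel32.dll", "VirtualAlloc", "CreateProcessW"]
SAMPLE_TABLE = build_table(SAMPLE_STRINGS, KEY)

if __name__ == "__main__":
    for i, s in enumerate(decrypt_string_table(SAMPLE_TABLE, KEY)):
        print(f"[{i}] {s!r}")
```

In practice the table bytes come from the unpacked binary at the offset found during static analysis, and the key schedule is whatever the disassembled routine computes; only those two pieces change.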
  • Science & Technology
