Dynamically Analyzing Linux Black Basta Ransomware

In this video, we dynamically analyze the Linux Black Basta ransomware family. We use strace to determine the required directories and trigger both the encryption and decryption behavior.

---

Timestamps:
00:00 Intro
00:44 Analysis Environment
02:13 Starting Dynamic Analysis
03:19 Decryptors
04:26 Triggering Encryptor
06:21 Strace
08:00 VMware ESXi
09:39 VMFS Test
12:30 Ransom Note
15:07 Strace Encryptor Output
15:50 Multithreading
17:48 Triggering Decryptor
19:38 Dumped key?
20:58 Decryptor Round 2
22:58 Successful Decryption!
23:27 Recap

---

Software Links Mentioned in Video:
strace manpage: https://www.man7.org/linux/man-pages/man1/strace.1.html

---

Malware Examined in the video (BlackBasta):
Decryptor: sha256:96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be
Encryptor: sha256:0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef

---

laurieWIRED Twitter: https://twitter.com/lauriewired
laurieWIRED Website: http://lauriewired.com
laurieWIRED Github: https://github.com/LaurieWired
laurieWIRED HN: https://news.ycombinator.com/user?id=lauriewired
laurieWIRED Reddit: https://www.reddit.com/user/LaurieWired
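
The strace step mentioned in the description, as an added example (not code from the video or its author): a parser that lists the path lookups a traced binary attempted and that failed with ENOENT or ENOTDIR, which is how directories a sample expects but cannot find show up in a trace. The trace lines and `/placeholder` paths are constructed, and the parser assumes `strace -f` output without timestamp options.

```python
import re
from collections import Counter

# Syscalls whose first quoted argument is a filesystem path.
PATH_CALLS = {"open", "openat", "stat", "lstat", "newfstatat", "statx",
              "access", "faccessat", "chdir"}
PID = re.compile(r"^(?:\[pid\s+(\d+)\]\s+|(\d+)\s+)?(.*)$")
DONE = re.compile(r"^(\w+)\((.*)\)\s+=\s+-?\d+\s*(E[A-Z]+)?")
UNFINISHED = re.compile(r"^(\w+)\((.*) <unfinished \.\.\.>$")
RESUMED = re.compile(r"^<\.\.\. (\w+) resumed>(.*)\)\s+=\s+-?\d+\s*(E[A-Z]+)?")
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed strace -f output; the paths are placeholders, not the sample's.
SAMPLE = r"""
1201 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1201 stat("/placeholder/target_dir", 0x7ffd3c1a2b40) = -1 ENOENT (No such file or directory)
1201 openat(AT_FDCWD, "/placeholder/target_dir", O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory)
1201 write(1, "done\n", 5) = 5
[pid  1202] access("/placeholder/other", F_OK) = -1 EACCES (Permission denied)
1201 openat(AT_FDCWD, "/placeholder/target_dir/a.bin", O_RDWR <unfinished ...>
1201 <... openat resumed>) = -1 ENOENT (No such file or directory)
"""

def failed_path_probes(trace, errnos=("ENOENT", "ENOTDIR")):
    """Count failed path lookups, keyed by (path, errno)."""
    pending, hits = {}, Counter()
    for line in trace.splitlines():
        g1, g2, body = PID.match(line).groups()
        pid = g1 or g2 or ""
        if m := UNFINISHED.match(body):
            pending[pid] = m.group(2)  # keep args until this pid's call resumes
            continue
        if m := RESUMED.match(body):
            name, err = m.group(1), m.group(3)
            args = pending.pop(pid, "") + m.group(2)
        elif m := DONE.match(body):
            name, args, err = m.groups()
        else:
            continue  # signals, exits and other non-syscall lines
        path = QUOTED.search(args)
        if name in PATH_CALLS and err in errnos and path:
            hits[(path.group(1), err)] += 1
    return hits

if __name__ == "__main__":
    for (path, err), n in failed_path_probes(SAMPLE).most_common():
        print(f"{n:3d}  {err:8s} {path}")
```
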