01 – Getting Started with the Lockbit Builder and Creating Sample Binaries



Video Summary and Key Points

Short Summary

The video introduces an in-depth exploration of the LockBit ransomware builder and its anti-analysis techniques. The presenter covers material that was originally part of a workshop but could not be fully covered there. The video sets the stage for a series focused on reversing the binary's API resolution and examining its anti-analysis methods.

Key Points

  • The video is a continuation of a workshop presented at Defcon, focusing on LockBit ransomware.
  • Emphasis is placed on API resolution and anti-analysis techniques used by LockBit.
  • Basic triage analysis will be provided before diving into deeper technical discussions.
  • Workshop materials, including the LockBit builder files, are available for viewers.
  • The leaked builder allows affiliates to create custom ransomware executables.
  • Two primary executables are highlighted: lb3.exe and lb3_pass.exe, with one requiring a password.
  • Accessing the packed version of the ransomware necessitates a password found in the workshop materials.
  • The video emphasizes the importance of running malware analysis in a controlled and isolated environment.
  • Future videos will use tools like IDA for binary analysis and will require careful setup to mitigate risks.

YouTube Channel: Dr Josh Stroschein – The Cyber Yeti
Video Published: 2024-09-17T18:00:34+00:00

Video Description:
This series is designed to get you hands-on reversing some of the anti-analysis techniques found in Lockbit 3.0, also known as Lockbit Black. This series will be broken down into several videos to help make the content easier to follow. Part 01 will start with creating binaries using the leaked LB builder. The resulting binaries it produces are the ransomware that would be used to attack organizations and gain victims. You can use the builder to generate your own binaries if you choose to follow along.

🚨 WARNING! If you follow along by creating your own binaries, ensure you have a safe analysis environment. The builder produces the real Lockbit ransomware and can cause irreversible damage to your systems! 🚨

You can find the builder on GitHub: hxxps://github[.]com/arosenmund/defcon32_dissecting_defeating_ransomwares_evasion


1:20 Getting the Files on Github
1:58 Builder structure
2:35 A note about the build.bat file
3:49 Building the ransomware binaries
4:15 First anti-analysis trick, a password
5:30 Some serious safety reminders!
6:30 Using IDA’s cloud decompiler