Short Summary
The video opens a series on the leaked LockBit 3.0 (LockBit Black) builder and the anti-analysis techniques built into the binaries it produces. The presenter works through material originally prepared for a DEF CON workshop that could not be fully covered there. This first part sets the stage for the series, which focuses on reversing the binary's API resolution and examining its anti-analysis methods.
Key Points
- The video is a continuation of a workshop presented at DEF CON 32, focusing on LockBit 3.0 (LockBit Black) ransomware.
- Emphasis is placed on API resolution and anti-analysis techniques used by LockBit.
- Basic triage analysis will be provided before diving into deeper technical discussions.
- Workshop materials, including the LockBit builder files, are available for viewers.
- The leaked builder allows affiliates to create custom ransomware executables.
- Two primary executables are highlighted: lb3.exe and lb3_pass.exe; the latter requires a password to run.
- Accessing the packed version of the ransomware requires a password found in the workshop materials.
- The video emphasizes the importance of running malware analysis in a controlled and isolated environment.
- Future videos will use tools like IDA for binary analysis and will require careful setup to mitigate risks.
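To make concrete why a build that demands a runtime password counts as an anti-analysis trick, here is an added illustration (not code from the video, the workshop repository, or LockBit itself). It models a builder that ships only an encrypted stage and a loader that decrypts it from a password supplied at launch: without the password the bytes on disk reveal no strings and nothing executes. The key derivation (PBKDF2), the HMAC-SHA256 counter-mode keystream, the blob layout, and the sample payload are all assumptions chosen so the script runs with the Python standard library alone; they are not LockBit's actual scheme.

```python
"""Hypothetical password-gated payload, illustrating the anti-analysis effect
of a build such as lb3_pass.exe. Not LockBit's implementation: the KDF,
cipher and layout below are stand-ins that run with the standard library."""
import hashlib
import hmac
import os
from typing import Optional

KDF_ITERATIONS = 100_000  # assumption: illustrative work factor only


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the command-line password into a 32-byte key."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, KDF_ITERATIONS, dklen=32
    )


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def protect(payload: bytes, password: str) -> bytes:
    """Builder side: encrypt the real stage so the binary carries only ciphertext.
    Blob layout (assumed): salt(16) | nonce(16) | tag(32) | ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(password, salt)
    ks = _keystream(key, nonce, len(payload))
    ct = bytes(p ^ k for p, k in zip(payload, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct


def unprotect(blob: bytes, password: str) -> Optional[bytes]:
    """Loader side: recover the stage only if the password is right.
    A wrong password fails the tag check and yields None, never garbage."""
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    key = derive_key(password, salt)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def strings_visible(image: bytes, marker: bytes) -> bool:
    """What a `strings` pass over the file on disk would find."""
    return marker in image


# Constructed sample stage; in a real sample this is the unpacked ransomware.
SAMPLE_PAYLOAD = b"MARKER:encrypt_files();drop_ransom_note();"

if __name__ == "__main__":
    image = protect(SAMPLE_PAYLOAD, "correct-horse")
    print("marker visible on disk:", strings_visible(image, b"MARKER"))
    print("wrong password ->", unprotect(image, "guess"))
    print("right password ->", unprotect(image, "correct-horse"))
```

The practical consequence for triage is that a sample recovered from a victim without the password it was launched with cannot be unpacked statically; the password has to come from the launch command line (process-creation telemetry, affiliate playbooks, or, as here, the workshop materials), which is the first thing to look for before opening the binary in IDA.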
Youtube Channel: Dr Josh Stroschein – The Cyber Yeti
Video Published: 2024-09-17T18:00:34+00:00
Video Description:
This series is designed to get you hands-on reversing some of the anti-analysis techniques found in Lockbit 3.0, also known as Lockbit Black. This series will be broken down into several videos to help make the content easier to follow. Part 01 will start with creating binaries using the leaked LB builder. The resulting binaries it produces are the ransomware that would be used to attack organizations and gain victims. You can use the builder to generate your own binaries if you choose to follow along.
WARNING! If you follow along by creating your own binaries, ensure you have a safe analysis environment. The builder produces the real Lockbit ransomware and can cause irreversible damage to your systems!
You can find the builder on Github: hxxps://github[.]com/arosenmund/defcon32_dissecting_defeating_ransomwares_evasion
Courses on Pluralsight
https://www.pluralsight.com/authors/josh-stroschein
Support my work
https://patreon.com/JoshStroschein
Follow me
https://twitter.com/jstrosch, https://www.linkedin.com/in/joshstroschein/
Tinker with me on Github
https://github.com/jstrosch
Join the Discord community and more
https://www.thecyberyeti.com
1:20 Getting the Files on Github
1:58 Builder structure
2:35 A note about the build.bat file
3:49 Building the ransomware binaries
4:15 First anti-analysis trick, a password
5:30 Some serious safety reminders!
6:30 Using IDA’s cloud decompiler