
Analysis of CryCryptor Android Ransomware and how I created decryptor | fake COVID-19 tracing app 

Android Infosec

Code and vulnerability analysis of the CryCryptor Android ransomware, which was distributed via malicious websites as a COVID-19 tracing app in Canada.
More information: www.welivesecurity.com/2020/0...
In this video you will see:
(0:00): Intro
(0:39): Distribution of CryCryptor
(1:45): Code analysis
(6:47): Running ransomware
(9:24): Discovered vulnerability
(10:44): Decryption tool


Published: 1 Aug 2024

Comments: 22
@mobilehacker 4 years ago
(0:00) ⏩ Intro (0:39) ⏩ Distribution of CryCryptor (1:45) ⏩ Code analysis (6:47) ⏩ Running ransomware (8:13) ⏩ CryCryptor is open-source (9:24) ⏩ Discovered vulnerability (10:44) ⏩ Decryption tool (10:20) ⏩ Outro
@sh4d0wless44 3 years ago
Awesome analysis, thank you Lukas! I started learning mobile application security and malware analysis topics a few weeks ago and your channel is really helpful for beginners like me. Thanks
@TechnicalHeavenSM 3 years ago
Super cool.. Would like to see more malware analysis
@erkut931 4 years ago
Awesome! I would like to see more code analysis videos, thanks Lukas
@mobilehacker 4 years ago
You are in the right place then :) There definitely will be more code analysis 💪✌
@GauravYadav-nd9st 4 years ago
Awesome work 👍👍. Liked your approach straight into the juicy stuff🤩🤩😂😂👌👌
@mobilehacker 4 years ago
life's too short to waste your time on not juicy stuff 😀😀
@GauravYadav-nd9st 4 years ago
@mobilehacker That's true. Are you sure you are not a philosopher 😂😂😁😁😉😉
@RhaenyraTargaryen-qs4hu 9 months ago
Great analysis. I see the encryption algorithm is AES-CBC. Was there a hardcoded key?
@paulmichaud7970 3 years ago
Hi, thank you for all your work! I was infected by CryCryptor (.enc) a few days ago. I installed the app but nothing happens when I launch it. Do you know why? Maybe a new version of the ransomware? Thanks
@hm00 4 years ago
Thank you! Would like to see some deobfuscation videos if you don't mind!
@mobilehacker 4 years ago
Most likely I will not publish such a video any time soon since I am not using any deobfuscation tool - I don't think there is any universal deobfuscator that really helps. You have to get used to analyzing obfuscated code 😕
@CristiVladZ 4 years ago
Really insightful Lukas. How long did it actually take you to analyze this malware?
@mobilehacker 4 years ago
Shorter than to create this video. Even shorter than the length of this video, no kidding!
@hermanbrits611 4 years ago
Could you perhaps share the script you ran on your pc to monitor altered files?
@mobilehacker 4 years ago
Sure! I used my custom script to monitor file system changes; however, this one is more or less the same and worked perfectly when I tested it. Observe file system accesses: codeshare.frida.re/@FrenchYeti/android-file-system-access-hook/
@SylwesterMadej 4 years ago
Is it common that the malware is based on some open source code?
@mobilehacker 4 years ago
Good question. I wouldn't say common but it happens more often these days. From what I have seen so far, there are open-source banking trojans, spyware, ransomware, RATs (Remote Administration Tools) and even commercial spyware whose code/builders got leaked. Such open source is the easiest pick for cyber criminals and they either distribute such malware as it is or make changes/updates and then spread it.
@LexAsLex 4 years ago
well done!
@mobilehacker 4 years ago
Thanks! 💪✌
@kevinwong_2016 7 months ago
Nice video💀 Blud accidentally made asmr💀