Sunday, May 14, 2017

WannaCry 2.0 - Three ways to find the Kill Switch


Here I demonstrate three ways you can find the Kill Switch that is hard-coded into the WannaCry 2.0 ransomware sample. First, we look at the network strings in the binary using pestr. Second, we run the binary and monitor the network activity in Wireshark. Third, we disassemble the binary in IDA Pro and debug it in OllyDbg. MD5 of the sample discussed: db349b97c37d22f5ea1d1841e3c89eb4
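
The first method, static string triage, sketched as an added example (not code from the original post, and not how pestr itself is implemented): it pulls ASCII and UTF-16LE strings out of a byte buffer and keeps the ones that look like URLs or hostnames. The buffer and its `.invalid` domains are constructed placeholders, not strings from the sample, and the function names are hypothetical.

```python
import re

MIN_LEN = 6  # shortest printable run worth reporting
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)  # UTF-16LE text
# Optional scheme, dotted hostname ending in an alphabetic TLD, optional path
NET_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
# Imported file names such as kernel32.dll look like hostnames; drop them
FILE_EXT = {"dll", "exe", "sys", "dat", "tmp", "bat"}


def extract_strings(data):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in WIDE_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def network_strings(data):
    """Return (file offset, encoding, match) for URL- or host-like strings."""
    hits = []
    for off, enc, text in extract_strings(data):
        width = 2 if enc == "utf-16le" else 1  # bytes per character
        for m in NET_RE.finditer(text):
            host = re.sub(r"^https?://", "", m.group(), flags=re.I).split("/")[0]
            if host.rsplit(".", 1)[-1].lower() in FILE_EXT:
                continue  # file name, not a network indicator
            hits.append((off + m.start() * width, enc, m.group()))
    return hits


# Constructed buffer standing in for a PE file (placeholder domains only)
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"kernel32.dll\x00InternetOpenUrlA\x00"
    + b"http://killswitch-placeholder.example.invalid\x00"
    + b"\xff\xfe"
    + "http://wide-placeholder.example.invalid/".encode("utf-16le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for off, enc, text in network_strings(SAMPLE):
        print(f"0x{off:04x}  {enc:9}  {text}")
```

A hard-coded domain found this way can then be checked against what the binary actually requests in the Wireshark capture.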

Congrats to @MalwareTechBlog for finding this, definitely worth a follow on Twitter if you don't already.

For more malware chat, follow me on Twitter too, @cybercdh, or check out my website.
