Dynamic malware analysis and the abuse of LOLBAS/LOLBINs
Keywords: Virus-type (iomorphic) software; Malware; Ransomware; Cuckoo; Sandbox; LOLBAS; Dynamic analysis; Analysis evasion; Encryption; Virtual machine
In this master's thesis we have shown how attacks by the malicious software known as ransomware work. We demonstrated this by creating virtual machines in VirtualBox and analysing samples with Cuckoo Sandbox. Before starting the analyses we partially configured the Windows 10 virtual machine in the best possible way so that it cannot be detected by the ransomware, which gives better results in terms of the functionality observed. Through dynamic analysis we examined the ten most successful ransomware families. In total we analysed two hundred samples, twenty of each family, and present their mechanisms of operation and the mechanisms they use to evade detection and analysis by security researchers. From the JSON reports we also identified the LOLBAS files that were used, and present the types of cryptographic methods employed as well as the ransom notes they leave for the user. We also present a multitude of techniques and peculiarities of each ransomware family. Graphs of overall statistics are included to support the analysis, to show the capabilities of our virtual machine, and to convey the severity of such an attack on any system it infects. This thesis can be very useful to security researchers, who will know what to expect to detect when following the described setup, and informative for building defensive mechanisms for their systems.