REvil_full.pdf
36.1 MB
A Detailed Analysis of The Last Version of REvil Ransomware
Prepared by: Vlad Pasca
Senior Malware and Threat Analyst
#REvil #malware_analysis
Table of contents
Executive summary
Analysis and findings
Thread activity – sub_1282EA7 function
Thread activity – sub_1287677 function
Thread activity – sub_1284468 function
Thread activity – sub_12841D3 function
Running with the -smode parameter
Running with the -silent parameter
Running with the -path parameter
Running with the -nolan parameter
Running with the -nolocal parameter
Running with the -fast parameter
Running with the -full parameter
Indicators of Compromise
Appendix