GandCrab Ransomware Analysis on Windows Using Static Method

Authors

  • Anisa Oktaviani Universitas Amikom Yogyakarta
  • Melwin Syafrizal Universitas AMIKOM Yogyakarta

DOI:

https://doi.org/10.12928/biste.v3i2.4884

Keywords:

GandCrab, Malware, Ransomware, Static Analysis

Abstract

Malware-infected operating systems may suffer damage to the system or files, or the loss of important data. Ransomware is a type of malware that works by attacking the internet network and then encrypting the victim's computer. To regain access to the computer, the victim is asked to pay a ransom in the form of Bitcoin. One example is GandCrab. GandCrab is a very powerful ransomware, and only the creators of GandCrab know the description of the encrypted files. Static analysis is done by importing malware samples into the VirusTotal, Dependency Walker, PEStudio, Exeinfo PE, and PE Explorer tools to extract the strings, which are then analyzed to find out how the GandCrab ransomware works. This study analyzes the GandCrab ransomware using a static method. In VirusTotal, the malware sample file was detected as malware with a ratio of 60 out of 70 antimalware engines. Furthermore, it was found that GandCrab is in PE (Portable Executable) format, was compiled using Microsoft Visual C++, and accesses several DLL (dynamic-link library) functions.

Author Biography

Anisa Oktaviani, Universitas Amikom Yogyakarta

My name is Anisa. I am from Jambi and study at Universitas Amikom Yogyakarta. My major is computer engineering.

Published

2021-11-27

How to Cite

[1]
A. Oktaviani and M. Syafrizal, “GandCrab Ransomware Analysis on Windows Using Static Method”, Buletin Ilmiah Sarjana Teknik Elektro, vol. 3, no. 2, pp. 163–175, Nov. 2021.

Section

Article