Live Stream VOD: Unpacking NightSky Ransomware (VMProtect) (Patreon)

Published:

2022-01-10 05:01:04

Imported:

2022-12

Content

Twitch live stream VOD. We unpack NightSky ransomware which is packed with VMProtect 3 (but not fully virtualized). We also use Dumpulator to identify a complex function without needing to fully reverse engineer it.

Sample available on Malshare:

8c1a72991fb04dc3a8cf89605fb85150ef0e742472a0c58b8fa942a1f04877b0

Lab Notes:

NightSky Ransomware

Unpacked Sample:

1fca1cd04992e0fcaa714d9dfa97323d81d7e3d43a024ec37d1c7a2767a17577

During the VMP unpacking we use vmpdump.

Files

Unpacking VMProtect NightSky Ransomware

This is "Unpacking VMProtect NightSky Ransomware" by OALABS on Vimeo, the home for high quality videos and the people who love them.