Olympic Destroyer Analysis and Samples
Olympic Destroyer as the name implies is a malware / worm designed for destruction and sabotage the of on going Winter Olympic games in Pyeongchang, South Korea.
In a nutshell, Olympic Destroyer steal credentials stored in the browser, i.e. Chrome, Firefox and Internet Explorer. It also steal credentials from of the local system. It propagates by discovering the network the infected machine is connected. Every time it propagates it create a new mutated copy of itself which contains the credentials of all of its previous hosts its infected and hard coded credentials which were put it by its authors.
Then its destructive mechanism is kicked in and it deletes the OS system backup catalog which make recovery difficult. It also disables BCEdit.exe, which is pre-boot Windows recovery console, so that window do not try to repair itself. Stop all the services and removes its activity from event logs and ultimately shut down the system, which then fails to start.
For more details see VirusTotal analysis which can be found here.
The password of the zip is: infected
In a nutshell, Olympic Destroyer steal credentials stored in the browser, i.e. Chrome, Firefox and Internet Explorer. It also steal credentials from of the local system. It propagates by discovering the network the infected machine is connected. Every time it propagates it create a new mutated copy of itself which contains the credentials of all of its previous hosts its infected and hard coded credentials which were put it by its authors.
Then its destructive mechanism is kicked in and it deletes the OS system backup catalog which make recovery difficult. It also disables BCEdit.exe, which is pre-boot Windows recovery console, so that window do not try to repair itself. Stop all the services and removes its activity from event logs and ultimately shut down the system, which then fails to start.
For more details see VirusTotal analysis which can be found here.
Olympic Destroyer Sandbox Run
Olympic Destroyer Sample Hash
MD5: cfdd16225e67471f5ef54cab9b3a5558 SHA1: 26DE43CC558A4E0E60EDDD4DC9321BCB5A0A181C SHA256: EDB1FF2521FB4BF748111F92786D260D40407A2E8463DCD24BB09F908EE13EB9 SSDEEP: 49152:R9dnjRSnRMWHrVDoqNcVhcAwARGcWRrLy3pNq:3dVSRMUrVDEVHLRGdRrLy5N
Download Olympic Destroyer Sample
The password of the zip is: infected
Download Olympic Destroyer PCAP
Click to Load Comments
