Skip to content

karimelmasry42/locky-ransomware-analysis

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

2 Commits
analysis
analysis
Β 
Β 
provided_material
provided_material
Β 
Β 
report
report
Β 
Β 
.gitignore
.gitignore
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

Locky Ransomware Analysis

This repository contains a comprehensive static and dynamic analysis of the Locky ransomware sample, conducted as part of a malware reverse engineering project.

πŸ§ͺ Project Overview

  • Malware Family: Locky Ransomware
  • Sample Hash: afec2b2af3ace2c478382f9366f6cbc9b9579f2c9a4273150fc33a2ccd59284c
  • Techniques Used:
    • Static Analysis (PEiD, PEStudio, FLOSS, Ghidra, IDA)
    • Dynamic Analysis (ProcMon, Wireshark, Fakenet)
    • Behavioral Analysis (ANY.RUN, FLARE VM)

πŸ“‚ Folder Structure

β”œβ”€β”€ analysis/
β”‚   β”œβ”€β”€ static/
β”‚   └── dynamic/
β”œβ”€β”€ report/
β”œβ”€β”€ provided_material/
└── sample/ (excluded from GitHub)

🧠 Key Findings

  • Locky uses junk code and encrypted strings to hinder reverse engineering.
  • C2 communication was observed via HTTP POST.
  • The main payload is decrypted and executed in memory.

πŸ›  Tools Used

Tool Purpose
PEiD Packing detection
PEStudio Static PE analysis
FLOSS Obfuscated string recovery
Ghidra/IDA Disassembly and decompilation
ProcMon File/Registry monitoring
Wireshark Network traffic inspection
Fakenet Simulated network sinkhole
ANY.RUN Online sandbox behavior

πŸ‘€ Authors

  • Karim Elmasry
  • Abdelrahman Abdelmoaty
  • Haidy Ahmed
  • University: AASTMT β€” Cybersecurity Program
  • Semester: Spring 2025

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages