OpenSSL Uses Ransomware

  • Hi All,
    Can anyone please tell me how ransomware uses OpenSSL?
    I'm starting to analyze the sample IRON that @Struppigel shared on @VirusBay, and I got news from Twitter, posted by @hasherezade, that it uses OpenSSL.
    So, as I'm new to this, I want to know how we can make sure whether it uses OpenSSL or the Win Crypt API.
    With the Win Crypt API, we can see the methods used during the calls to LoadAdress() and GetProcAddress(),
    but what about OpenSSL? How do we confirm it?


    1. And one more thing: with OpenSSL, is it possible to get the private key during the debugging process?

  • I need your response, people. I request you, please respond.

  • Hi,

    Check what library the LoadLibrary function call loads, and then follow the subsequent GetProcAddress calls. That will give you a fair bit of an idea. DM me the link to the sample.
    I would like to give it a try.

    Also, during debugging you may get the keys the ransomware has generated, but those will be different for each machine.
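
Added example, not part of the thread: a static first pass in Python that complements the LoadLibrary/GetProcAddress tracing suggested above by searching a sample's bytes for CryptoAPI names and OpenSSL markers. The indicator lists, the `triage` function and both byte strings are constructed for illustration; the version banner is checked because a statically linked OpenSSL never shows up in a LoadLibrary call.

```python
import re

# Well-known names; a hit is a lead to confirm in the debugger, not proof.
CRYPTOAPI_FUNCS = ["CryptAcquireContext", "CryptGenKey", "CryptImportKey",
                   "CryptExportKey", "CryptEncrypt", "CryptDecrypt"]
CRYPTOAPI_DLLS = ["advapi32.dll", "bcrypt.dll"]
OPENSSL_DLLS = ["libeay32.dll", "ssleay32.dll", "libcrypto", "libssl"]
# Version banner that a statically linked OpenSSL leaves in the binary.
OPENSSL_BANNER = re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]*")


def triage(data: bytes) -> dict:
    """Report which crypto library indicators occur in a sample's raw bytes."""
    low = data.lower()

    def present(name: str) -> bool:
        # Names passed to LoadLibraryW are UTF-16LE, so check both encodings.
        n = name.lower()
        return n.encode("ascii") in low or n.encode("utf-16-le") in low

    banners = sorted({m.group().decode() for m in OPENSSL_BANNER.finditer(data)})
    openssl_dlls = [d for d in OPENSSL_DLLS if present(d)]
    funcs = [f for f in CRYPTOAPI_FUNCS if present(f)]
    return {
        "openssl_banners": banners,
        "dlls": [d for d in CRYPTOAPI_DLLS if present(d)] + openssl_dlls,
        "cryptoapi_funcs": funcs,
        "openssl": bool(banners or openssl_dlls),
        "cryptoapi": bool(funcs),
    }


# Constructed inputs: fragments shaped like what each case leaves in a PE file.
SAMPLE_STATIC = b"MZ\x90\x00...\x00OpenSSL 1.0.2k  26 Jan 2017\x00part of OpenSSL\x00"
SAMPLE_CRYPTOAPI = ("advapi32.dll".encode("utf-16-le")
                    + b"\x00\x00CryptAcquireContextA\x00CryptGenKey\x00CryptEncrypt\x00")

if __name__ == "__main__":
    for label, blob in (("static", SAMPLE_STATIC), ("cryptoapi", SAMPLE_CRYPTOAPI)):
        print(label, triage(blob))
```

A packed or obfuscated sample can hide all of these strings, so an empty result only means the check has to be repeated on the unpacked image or done dynamically.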

