Analysis Malware Flawed Ammyy RAT Dengan Metode Reverse Engineering

Tesa Pajar Setia, Nur Widiyasono, Aldy Putra Aldya

Abstract


Malware is currently growing rapidly, diverse and complex. But, human resources that can carry out malware analysis is limited, because special expertise is needed.Reverse engineering is one of many solution that can carry out malware analysis, because reverse engineering techniques can reveal malware code. On March 5, 2018, found spam email containing files, the file contained malware flawed ammyy. This flawed ammyy is a software that comes from Ammyy Admin version 3 and then misused by hackers TA505. This study aims to identify the malware, especially the Flawed Ammyy RAT malware. This research uses descriptive methodology, then to do malware analysis used dynamic analysis and reverse engineering methods. The results of the study show that the Flawed Ammyy RAT malware works by hiding in the Ammyy Admin application then connecting to the attacker with ip address 103.208.86.69. netname ip address 103.208.86.69 is zappie host. There are 50 registry changes that are carried out by malware on infected systems. After the attacker has been connected with the victim, the attacker can easily do the remote control without the victim's knowledge.

References


N. Zalavadiya and S. Priyanka, "A Methodology of Malware Analysis, Tools and Technique for Windows Platform - RAT Analysus," 2017.

S. C. Y. Hutauruk, F. A. Yulianto and G. B. Satrya, "Malware Analysis Pada Windows Operating System Untuk Mendeteksi Trojan," e-Proceding of Enggineering , vol. III, no. 2, pp. 3590-3595, 2016.

R. Adenansi and L. A. Novarina, "Malware Dynamic," JOEICT (Jurnal of Education and Information Communication Technology), vol. 1, no. 1, p. 37, 2017.

D. R. Septani, N. Widiyasono and H. Mubarok, "Investigasi Serangan Malware Njrat Pada PC," Jurnal Edukasi dan Penelitian Informatika (JEPIN), vol. II, no. 2, pp. 123-128, 2016.

T. A. Cahyanto, V. Wahanggara and D. Ramadana, "Analisis dan Deteksi Malware Menggunakan Metode Analisis Dinamis," JUSTINDO, Jurnal Sistem & Teknologi Informasi Indonesia , vol. II, no. 1, pp. 19-30, 2017.

U. K. Bavishi and B. M. Jain, "Malware Analysis," International Journals of Advanced Research in Computer Science and Software Engineering, vol. VII, no. 12, pp. 27-33, 2017.

D. Uppal , V. Mehra and V. Verma, "Basic on Malware Analysis, Tools, and Technique," International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, pp. 103-112, 2014.

A. H. Muhammad, B. Sugiantoro and A. Luthfi, "Metode Klasifikasi dan Analisis Karakteristik Malware Menggunakan Konsep Ontologi," Tenomatika, vol. IX, no. 2, pp. 16-28, 2017.

H. A. Nugroho and Y. Prayudi, "Penggunaan Teknik Reverse Engineering Pada Malware Analysis Untuk Identifikasi Serangan Malware," KNSI 2014, 27-28 Februari 2015, STMIK Dipanegara Makasar, pp. 1-8, 2015.

Proofpoint Staff, "Proofpoint," 7 Maret 2018. [Online]. Available: https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat.

K. Sheridan, "Darkreading," 12 Maret 2018. [Online]. Available: https://www.darkreading.com/endpoint/flawedammyy-rat-campaign-puts-new-spin-on-old-threat/d/d-id/1331248.

A. Saraswat, "Hacking, Hacking Tools, Vulnerability," 10 Maret 2018. [Online]. Available: https://professionalhackers.in/beware-of-flawedammyy-rat-that-steals-credentials-and-record-audio-chat/.

S. Y. S, Y. Prayudi and I. Riadi, "Implementation of Malware Analysis using Static and Dynamic Analysis Method," International Journal of Computer Applications, vol. CXVII, no. 6, pp. 11-15, 2015.

K. Ki-Su, S. Hyo-Jeong and K. Hyong-Shik, "A Bit Vector Based Binary Code Comparison Method for Static Malware Analysis," Journal of Computers, vol. xiii, no. 5, pp. 545-554, 2018.

A. Zimba, L. Simukonda and M. Chishimba, "Demystifying Ransomware Attacks: Reverse Engineering and Dynamic Malware Analysis of WannaCry for Network and Information Security," ZAMBIA INFORMATION COMMUNICATION TECHNOLOGY (ICT) JOURNAL, vol. i, no. 1, pp. 35-40, 2017.

B. Thakar and C. Parekh, "Reverse Engineering of Bonet (APT)," Information and Communication Technology for Intelligent Systems, vol. ii, no. 1, pp. 252-262, 2017.




DOI: http://dx.doi.org/10.30591/jpit.v3i3.1019

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Terindeks oleh :

 

 http://ejournal.poltektegal.ac.id/public/site/images/informatika/Google_Scholar_logo.png

 

 

 

 

   ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Tim Redaksi JURNAL INFORMATIKA : JURNAL PENGEMBANGAN IT

Program Studi D4 Teknik Informatika
Politeknik Harapan Bersama Tegal
Jl. Mataram No.09 Pesurungan Lor Kota Tegal

Telp. +62283 - 352000

Email :
informatika.ejournal@poltektegal.ac.id

   

Copyright: JPIT (Jurnal Informatika: Jurnal Pengembangan IT) p-ISSN: 2477-5126 (print), e-ISSN 2548-9356 (online) 

Flag Counter
 
 
 
 
site
stats
 
View Visitor Statistic
 
 
 
 
 

 

Creative Commons License
JPIT (Jurnal Informatika: Jurnal Pengembangan IT) is licensed under a Creative Commons Attribution 4.0 International License.