This repository contains an analysis of the NotPetya malware. The SHA256 hash of the sample that was analyzed is `027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745`. All the work presented here is produced for the 2IC80 - Lab on offensive computer security course by:
- Roan Hofland
- Sverre van Mulken

- A Ghidra project for the NotPetya binary with the aforementioned hash can be found in NotPetya.
- A log for the reverse engineering process with highly detailed descriptions of all the subroutines can be found in Notes.
- A report summarizing the key findings can be found here.
This repository does not contain any malware. The sample analyzed can be found in the following GitHub repository: fabrimagic72/malware-samples. Please take care when handling these samples.
Project development started: 25th of February, 2020.
Project due date: 13th of April, 2020.