From a simple log to sophisticated crypter

Recordings

https://www.youtube.com/watch?v=h3J7UD2f2Rw

Slides

/files/slides/002_04-AMTLWJ-BABADEDA Crypter.pdf

Abstract

As security researchers, we always strive to find the next piece of malware no one else has seen before. For this, we use our telemetry and research skills to understand a threat and the story behind it.

In this talk, we share our research about an emerging threat we’ve dubbed the Babadeda crypter. From what looked like an anomaly in our telemetry, we slowly identified more details about this sophisticated crypter. We started with a deep-dive analysis of the crypter’s inner workings and discovered a handful of its uses in the wild. This led us to reveal its use in major campaigns targeting NFT communities and Ukrainian companies. The evidence we collected along the way led us to attribute this to a Russian actor.

Hido Cohen

I started my way as a Cyber Security Researcher in the Israeli military. After serving for three years, I moved to work at Morphisec as a Malware Researcher. As a blue teamer, I’m fascinated with everything related to malware, threat hunting and Windows internals.

Arnold Osipov

Arnold Osipov has been a security researcher at Morphisec for the last 3 years. He specializes in malware research and threat intelligence. Prior to that, he was a malware researcher at Check Point.