
Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective

The increasing use of powerful evasive ransomware malware in cyber warfare and targeted attacks is a persistent and growing challenge for nations, corporations, and small and medium-sized enterprises. This threat is evidenced by the emergence of the WhisperGate malware in cyber warfare, which target...

Bibliographic Details
Published in: International journal of advanced computer science & applications 2023, Vol.14 (4)
Main Authors: Nicho, Mathew; Yadav, Rajesh; Singh, Digvijay
Format: Article
Language: English
cited_by
cites
container_end_page
container_issue 4
container_start_page
container_title International journal of advanced computer science & applications
container_volume 14
creator Nicho, Mathew
Yadav, Rajesh
Singh, Digvijay
description The increasing use of powerful evasive ransomware malware in cyber warfare and targeted attacks is a persistent and growing challenge for nations, corporations, and small and medium-sized enterprises. This threat is evidenced by the emergence of the WhisperGate malware in cyber warfare, which targets organizations in Ukraine to render targeted devices inoperable, and the BlackCat malware, which targets large organizations by encrypting files. This paper outlines a practical approach to malware analysis using WhisperGate and BlackCat malware as samples. It subjects them to heuristic-based analysis techniques, including a combination of static, dynamic, hybrid, and memory analysis. Specifically, 12 tools and techniques were selected and deployed to reveal the malware’s innovative stealth and evasion capabilities. This methodology shows what techniques can be applied to analyze critical malware and differentiate samples that are variations of known threats. The paper presents currently available tools and their underlying approaches to performing automated dynamic analysis on potentially malicious software. The study thus demonstrates a practical approach to carrying out malware analysis to understand cybercriminals’ behavior, techniques, and tactics.
doi_str_mv 10.14569/IJACSA.2023.0140456
format article
publisher West Yorkshire: Science and Information (SAI) Organization Limited
rights 2023. This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
fulltext fulltext
identifier ISSN: 2158-107X
ispartof International journal of advanced computer science & applications, 2023, Vol.14 (4)
issn 2158-107X
2156-5570
language eng
recordid cdi_proquest_journals_2819915997
source Publicly Available Content Database (Proquest) (PQ_SDU_P3); EZB Electronic Journals Library
subjects Cybersecurity
Electronic warfare
Malware
Organizations
Ransomware
title Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T19%3A38%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Analyzing%20WhisperGate%20and%20BlackCat%20Malware:%20Methodology%20and%20Threat%20Perspective&rft.jtitle=International%20journal%20of%20advanced%20computer%20science%20&%20applications&rft.au=Nicho,%20Mathew&rft.date=2023&rft.volume=14&rft.issue=4&rft.issn=2158-107X&rft.eissn=2156-5570&rft_id=info:doi/10.14569/IJACSA.2023.0140456&rft_dat=%3Cproquest_cross%3E2819915997%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c274t-edaf419117541bc7e9890ebe6e47f9dd030cb7864da42e48792387f4c21527573%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2819915997&rft_id=info:pmid/&rfr_iscdi=true