Characteristic Analysis of Ransomware Families Using
the Dynamic Analysis Method
Final Project
Submitted in Fulfilment of
the Requirements for the Bachelor's Degree in
Informatics, Universitas Muhammadiyah Malang
Bayu Karunia Putra
201510370311160
INFORMATICS STUDY PROGRAM
FACULTY OF ENGINEERING
UNIVERSITAS MUHAMMADIYAH MALANG
2021
APPROVAL SHEET
RATIFICATION SHEET
STATEMENT OF ORIGINALITY
PREFACE
Praise and thanks be to Allah SWT, who has bestowed His guidance and mercy so that the author was able to complete this Final Project, entitled "ANALISIS KARAKTERISTIK KELUARGA RANSOMWARE MENGGUNAKAN METODE ANALISIS DINAMIS" (Characteristic Analysis of Ransomware Families Using the Dynamic Analysis Method). This Final Project was prepared to fulfil the requirements for obtaining a bachelor's (Strata-1) degree at Universitas Muhammadiyah Malang.
The author is fully aware that this Final Project still has many shortcomings; therefore the author hopes for suggestions and criticism so that this work can be better organised, easy to understand, and useful to anyone who reads it.
Malang, 12 March 2021
Bayu Karunia Putra
TABLE OF CONTENTS
APPROVAL SHEET ..... ii
RATIFICATION SHEET ..... iii
STATEMENT OF ORIGINALITY ..... iv
ABSTRACT (in Indonesian) ..... v
ABSTRACT ..... vi
DEDICATION ..... vii
PREFACE ..... viii
TABLE OF CONTENTS ..... ix
LIST OF FIGURES ..... xii
LIST OF TABLES ..... xv
REFERENCES ..... xvi
CHAPTER I ..... 1
INTRODUCTION ..... 1
1.1 Background ..... 1
1.2 Problem Statement ..... 3
1.3 Research Overview ..... 3
1.4 Scope and Limitations ..... 3
1.5 Thesis Outline ..... 4
CHAPTER II ..... 5
LITERATURE REVIEW ..... 5
2.1 Literature Study ..... 5
2.2 Ransomware ..... 5
2.3 Crypto and Locker Ransomware ..... 6
2.4 Ransomware Families ..... 6
2.5 Targeted File Types ..... 6
2.6 File Encryption ..... 7
2.7 Attack Techniques ..... 7
2.8 C&C Server ..... 7
2.9 Dynamic Analysis ..... 7
2.10 Cuckoo Sandbox ..... 8
2.11 Cuckoo Sandbox System Architecture ..... 9
2.12 Joe Sandbox ..... 11
2.13 Joe Sandbox System Architecture ..... 11
CHAPTER III ..... 13
RESEARCH METHOD ..... 13
3.1 Research Method ..... 13
3.2 Cuckoo Sandbox ..... 13
3.3 Joe Sandbox ..... 14
3.4 Test Scenarios ..... 15
3.4.1 Cuckoo Sandbox Analysis ..... 15
3.4.2 Joe Sandbox Analysis ..... 16
CHAPTER IV ..... 18
RESULTS AND DISCUSSION ..... 18
4.1 Cuckoo Sandbox Analysis ..... 18
4.1.1 Locky ..... 18
4.1.2 Cerber ..... 21
4.1.3 WannaCry ..... 25
4.1.4 CryptoWall ..... 30
4.1.5 Petya ..... 34
4.2 Joe Sandbox Analysis ..... 37
4.2.1 Locky ..... 37
4.2.2 Cerber ..... 41
4.2.3 WannaCry ..... 44
4.2.4 CryptoWall ..... 47
4.2.5 Petya ..... 51
4.3 Common Malware Behaviour ..... 53
4.3.1 Cuckoo Sandbox ..... 53
4.3.2 Joe Sandbox ..... 54
CHAPTER V ..... 56
CONCLUSION ..... 56
LIST OF FIGURES
Figure 2.1 Main Architecture of Cuckoo Sandbox ..... 9
Figure 2.2 Joe Sandbox System Architecture ..... 11
Figure 3.1 Cuckoo Sandbox Analysis Flow ..... 14
Figure 3.2 Joe Sandbox Analysis Flow ..... 15
Figure 3.3 MITRE ATT&CK Matrix ..... 17
Figure 4.1 Locky Malware File Information ..... 18
Figure 4.2 Malicious Actions of the Locky Malware ..... 19
Figure 4.3 System Display during the Malware Attack Process ..... 19
Figure 4.4 Files Dropped by the Locky Malware ..... 20
Figure 4.5 Host List for the Locky Malware ..... 20
Figure 4.6 DNS List for the Locky Malware ..... 21
Figure 4.7 Cerber Malware File Information ..... 21
Figure 4.8 Malicious Actions of the Cerber Malware ..... 22
Figure 4.9 System Display during the Malware Attack Process ..... 23
Figure 4.10 Files Dropped by the Cerber Malware ..... 23
Figure 4.11 Host List for the Cerber Malware ..... 24
Figure 4.12 Host IP Address Lookup ..... 24
Figure 4.13 DNS List for the Cerber Malware ..... 25
Figure 4.14 WannaCry Malware File Information ..... 25
Figure 4.15 Malicious Actions of the WannaCry Malware ..... 26
Figure 4.16 Process Injection by WannaCry ..... 27
Figure 4.17 Use of a Suspicious cmd Command by WannaCry ..... 27
Figure 4.18 System Display during the WannaCry Attack Process ..... 27
Figure 4.19 Files Dropped by WannaCry ..... 28
Figure 4.20 Host List for the WannaCry Malware ..... 29
Figure 4.21 Host IP Address Lookup ..... 29
Figure 4.22 DNS List for the WannaCry Malware ..... 30
Figure 4.23 CryptoWall Malware File Information ..... 30
Figure 4.24 Malicious Actions of the CryptoWall Malware ..... 31
Figure 4.25 CryptoWall Malware Performing System Manipulation ..... 31
Figure 4.26 Malware Performing Code Injection ..... 31
Figure 4.27 Malware Executing a Process and Injecting Code ..... 32
Figure 4.28 System Display during the Malware Attack Process ..... 32
Figure 4.29 Host List for the CryptoWall Malware ..... 33
Figure 4.30 DNS List for the CryptoWall Malware ..... 33
Figure 4.31 Petya Malware File Information ..... 34
Figure 4.32 Malicious Actions of the Petya Malware ..... 34
Figure 4.33 Malware Installing a Bootkit ..... 34
Figure 4.34 System Display during the Malware Attack Process ..... 35
Figure 4.35 Warning Screen Displayed by the Petya Malware ..... 35
Figure 4.36 Host List for the Petya Malware ..... 36
Figure 4.37 DNS List for the Petya Malware ..... 36
Figure 4.38 Classification of the Locky Malware ..... 37
Figure 4.39 Self-Concealment by the Locky Malware ..... 38
Figure 4.40 Locky Malware Performing Code Injection ..... 39
Figure 4.41 Dropping a PE File and Moving Itself to the Temp Directory ..... 39
Figure 4.42 Unpacking and Changing PE Header Permissions ..... 39
Figure 4.43 Deleting System Backup Data ..... 39
Figure 4.44 Files Dropped by the Locky Malware ..... 40
Figure 4.45 Encrypting and Moving Files ..... 40
Figure 4.46 Changing the System Wallpaper (Defacement) ..... 40
Figure 4.47 Classification of the Cerber Malware ..... 41
Figure 4.48 Modifying Network and Firewall Settings ..... 42
Figure 4.49 Unpacking of the PE Header ..... 42
Figure 4.50 Checking for Devices on the Network ..... 43
Figure 4.51 Use of a Proxy ..... 43
Figure 4.52 Encrypting Files and Replacing the Wallpaper (Defacement) ..... 43
Figure 4.53 Classification of the WannaCry Malware ..... 44
Figure 4.54 WannaCry Malware Delaying Analysis ..... 45
Figure 4.55 Hiding in the Recycle Bin ..... 45
Figure 4.56 Deleting System Backup Data ..... 46
Figure 4.57 Use of a Proxy ..... 46
Figure 4.58 Encryption of Files and Documents ..... 46
Figure 4.59 Classification of the CryptoWall Malware ..... 47
Figure 4.60 Loading a Missing DLL File ..... 48
Figure 4.61 Storing Binary Data in the Windows Registry ..... 48
Figure 4.62 Detecting Virtualisation and Performing a Debug Check ..... 49
Figure 4.63 Unpacking the File and Accessing a Missing DLL ..... 49
Figure 4.64 Capturing Keyboard Input History ..... 50
Figure 4.65 Monitoring Specific Registry Keys ..... 50
Figure 4.66 Detecting Virtualisation and Checking for a Debugging Process ..... 50
Figure 4.67 Classification of the Petya Malware ..... 51
Figure 4.68 Modifying and Infecting the Boot Sector of the Hard Disk ..... 52
Figure 4.69 Performing Writes to the Hard Disk ..... 53
Figure 4.70 Use of a Proxy ..... 53
Figure 4.71 Forcing a System Shutdown ..... 53
LIST OF TABLES
Table 2.1 Comparison of Sandbox Platform Features ..... 8
Table 4.1 Description of Files Dropped by WannaCry ..... 28
Table 4.2 MITRE ATT&CK Matrix for the Locky Malware ..... 38
Table 4.3 MITRE ATT&CK Matrix for the Cerber Malware ..... 42
Table 4.4 MITRE ATT&CK Matrix for the WannaCry Malware ..... 45
Table 4.5 MITRE ATT&CK Matrix for the CryptoWall Malware ..... 47
Table 4.6 MITRE ATT&CK Matrix for the Petya Malware ..... 52
Table 4.7 Common Malware Behaviour in Cuckoo Sandbox ..... 54
Table 4.8 Common Malware Behaviour in Joe Sandbox ..... 55
LIST OF APPENDICES
Figure 1 Locky Malware File Information from Cuckoo Sandbox ..... 59
Figure 2 Malicious-Action Analysis Results for the Locky Malware Using Cuckoo Sandbox ..... 59
Figure 3 Files Dropped by the Locky Malware Using Cuckoo Sandbox ..... 59
Figure 4 Host Network Analysis Results for the Locky Malware Using Cuckoo Sandbox ..... 60
Figure 5 DNS Network Analysis Results for the Locky Malware Using Cuckoo Sandbox ..... 60
Figure 6 Cerber Malware File Information from Cuckoo Sandbox ..... 60
Figure 7 Malicious-Action Analysis Results for the Locky Malware Using Cuckoo Sandbox ..... 61
Figure 8 System Display after the Cerber Malware Successfully Carried Out Its Attack ..... 61
Figure 9 Files Dropped by the Cerber Malware Using Cuckoo Sandbox ..... 62
Figure 10 Host Network Analysis Results for the Cerber Malware Using Cuckoo Sandbox ..... 62
Figure 11 DNS Network Analysis Results for the Cerber Malware Using Cuckoo Sandbox ..... 62
Figure 12 WannaCry Malware File Information from Cuckoo Sandbox ..... 63
Figure 13 Malicious-Action Analysis Results for the WannaCry Malware Using Cuckoo Sandbox ..... 63
Figure 14 Files Dropped by the WannaCry Malware Using Cuckoo Sandbox ..... 63
Figure 15 Host Network Analysis Results for the WannaCry Malware Using Cuckoo Sandbox ..... 64
Figure 16 DNS Network Analysis Results for the WannaCry Malware Using Cuckoo Sandbox ..... 64
Figure 17 CryptoWall Malware File Information from Cuckoo Sandbox ..... 64
Figure 18 Malicious-Action Analysis Results for the CryptoWall Malware Using Cuckoo Sandbox ..... 65
Figure 19 Host Network Analysis Results for the CryptoWall Malware Using Cuckoo Sandbox ..... 65
Figure 20 DNS Network Analysis Results for the Locky Malware Using Cuckoo Sandbox ..... 65
Figure 21 Petya Malware File Information from Cuckoo Sandbox ..... 66
Figure 22 Malicious-Action Analysis Results for the Petya Malware Using Cuckoo Sandbox ..... 66
Figure 23 System Display after the Petya Malware Carried Out Its Attack ..... 66
Figure 24 Host Network Analysis Results for the Petya Malware Using Cuckoo Sandbox ..... 67
Figure 25 DNS Network Analysis Results for the Petya Malware Using Cuckoo Sandbox ..... 67
Figure 26 Classification of the Locky Malware from Joe Sandbox ..... 67
Figure 27 MITRE ATT&CK Matrix for the Locky Malware ..... 68
Figure 28 Classification of the Cerber Malware from Joe Sandbox ..... 68
Figure 29 MITRE ATT&CK Matrix for the Cerber Malware ..... 69
Figure 30 Classification of the WannaCry Malware from Joe Sandbox ..... 69
Figure 31 MITRE ATT&CK Matrix for the WannaCry Malware ..... 70
Figure 32 Classification of the CryptoWall Malware from Joe Sandbox ..... 70
Figure 33 MITRE ATT&CK Matrix for the CryptoWall Malware ..... 71
Figure 34 Classification of the Petya Malware from Joe Sandbox ..... 71
Figure 35 MITRE ATT&CK Matrix for the Petya Malware ..... 72
PLAGIARISM CERTIFICATE