
Analysis of the Characteristics of Ransomware Families Using

the Dynamic Analysis Method

Undergraduate Thesis (Tugas Akhir)

Submitted in Partial Fulfilment of

the Requirements for the Degree of Bachelor of

Informatics, Universitas Muhammadiyah Malang

Bayu Karunia Putra

201510370311160

INFORMATICS STUDY PROGRAM

FACULTY OF ENGINEERING

UNIVERSITAS MUHAMMADIYAH MALANG

2021

APPROVAL SHEET

ENDORSEMENT SHEET

STATEMENT OF AUTHENTICITY

FOREWORD

Praise and gratitude, Alhamdulillah, to Allah SWT, who has bestowed His guidance and mercy so that the author was able to complete this undergraduate thesis, entitled “ANALYSIS OF THE CHARACTERISTICS OF RANSOMWARE FAMILIES USING THE DYNAMIC ANALYSIS METHOD”, properly. This thesis was prepared to fulfil the requirements for obtaining a bachelor's (Strata-1) degree at Universitas Muhammadiyah Malang.

The author is fully aware that the writing of this thesis still has various shortcomings; the author therefore hopes for suggestions and criticism so that this work can be better composed, easy to understand, and of benefit to anyone who reads it.

Malang, 12 March 2021

Bayu Karunia Putra

TABLE OF CONTENTS

APPROVAL SHEET ... ii
ENDORSEMENT SHEET ... iii
STATEMENT OF AUTHENTICITY ... iv
ABSTRAK ... v
ABSTRACT ... vi
DEDICATION PAGE ... vii
FOREWORD ... viii
TABLE OF CONTENTS ... ix
LIST OF FIGURES ... xii
LIST OF TABLES ... xv
REFERENCES ... xvi
CHAPTER I ... 1
INTRODUCTION ... 1
1.1 Background ... 1
1.2 Problem Statement ... 3
1.3 Research Overview ... 3
1.4 Scope and Limitations ... 3
1.5 Structure of the Thesis ... 4
CHAPTER II ... 5
LITERATURE REVIEW ... 5
2.1 Literature Study ... 5
2.2 Ransomware ... 5
2.3 Crypto and Locker Ransomware ... 6
2.4 Ransomware Families ... 6
2.5 Targeted File Types ... 6
2.6 File Encryption ... 7
2.7 Attack Techniques ... 7
2.8 C&C Servers ... 7
2.9 Dynamic Analysis ... 7
2.10 Cuckoo Sandbox ... 8
2.11 Cuckoo Sandbox System Architecture ... 9
2.12 Joe Sandbox ... 11
2.13 Joe Sandbox System Architecture ... 11
CHAPTER III ... 13
RESEARCH METHOD ... 13
3.1 Research Method ... 13
3.2 Cuckoo Sandbox ... 13
3.3 Joe Sandbox ... 14
3.4 Test Scenarios ... 15
3.4.1 Cuckoo Sandbox Analysis ... 15
3.4.2 Joe Sandbox Analysis ... 16
CHAPTER IV ... 18
RESULTS AND DISCUSSION ... 18
4.1 Cuckoo Sandbox Analysis ... 18
4.1.1 Locky ... 18
4.1.2 Cerber ... 21
4.1.3 WannaCry ... 25
4.1.4 CryptoWall ... 30
4.1.5 Petya ... 34
4.2 Joe Sandbox Analysis ... 37
4.2.1 Locky ... 37
4.2.2 Cerber ... 41
4.2.3 WannaCry ... 44
4.2.4 CryptoWall ... 47
4.2.5 Petya ... 51
4.3 Shared Malware Behaviours ... 53
4.3.1 Cuckoo Sandbox ... 53
4.3.2 Joe Sandbox ... 54
CHAPTER V ... 56
CONCLUSION ... 56

LIST OF FIGURES

Figure 2.1 Main Architecture of Cuckoo Sandbox ... 9
Figure 2.2 Joe Sandbox System Architecture ... 11
Figure 3.1 Cuckoo Sandbox Analysis Flow ... 14
Figure 3.2 Joe Sandbox Analysis Flow ... 15
Figure 3.3 MITRE ATT&CK Matrix ... 17
Figure 4.1 Locky Malware File Information ... 18
Figure 4.2 Malicious Actions of the Locky Malware ... 19
Figure 4.3 System View During the Malware Attack ... 19
Figure 4.4 Files Dropped by the Locky Malware ... 20
Figure 4.5 Host List for the Locky Malware ... 20
Figure 4.6 DNS List for the Locky Malware ... 21
Figure 4.7 Cerber Malware File Information ... 21
Figure 4.8 Malicious Actions of the Cerber Malware ... 22
Figure 4.9 System View During the Malware Attack ... 23
Figure 4.10 Files Dropped by the Cerber Malware ... 23
Figure 4.11 Host List for the Cerber Malware ... 24
Figure 4.12 Host IP Address Lookup ... 24
Figure 4.13 DNS List for the Cerber Malware ... 25
Figure 4.14 WannaCry Malware File Information ... 25
Figure 4.15 Malicious Actions of the WannaCry Malware ... 26
Figure 4.16 Process Injection by WannaCry ... 27
Figure 4.17 Suspicious cmd Usage by WannaCry ... 27
Figure 4.18 System View During the WannaCry Attack ... 27
Figure 4.19 Files Dropped by WannaCry ... 28
Figure 4.20 Host List for the WannaCry Malware ... 29
Figure 4.21 Host IP Address Lookup ... 29
Figure 4.22 DNS List for the WannaCry Malware ... 30
Figure 4.23 CryptoWall Malware File Information ... 30
Figure 4.24 Malicious Actions of the CryptoWall Malware ... 31
Figure 4.25 CryptoWall Malware Manipulating the System ... 31
Figure 4.26 Malware Performing Code Injection ... 31
Figure 4.27 Malware Executing a Process and Injecting Code ... 32
Figure 4.28 System View During the Malware Attack ... 32
Figure 4.29 Host List for the CryptoWall Malware ... 33
Figure 4.30 DNS List for the CryptoWall Malware ... 33
Figure 4.31 Petya Malware File Information ... 34
Figure 4.32 Malicious Actions of the Petya Malware ... 34
Figure 4.33 Malware Installing a Bootkit ... 34
Figure 4.34 System View During the Malware Attack ... 35
Figure 4.35 Warning Screen Displayed by the Petya Malware ... 35
Figure 4.36 Host List for the Petya Malware ... 36
Figure 4.37 DNS List for the Petya Malware ... 36
Figure 4.38 Classification of the Locky Malware ... 37
Figure 4.39 Self-Concealment by the Locky Malware ... 38
Figure 4.40 Locky Malware Performing Code Injection ... 39
Figure 4.41 Dropping a PE File and Moving Itself to the Temp Directory ... 39
Figure 4.42 Unpacking and Changing PE Header Permissions ... 39
Figure 4.43 Deleting System Backup Data ... 39
Figure 4.44 Files Dropped by the Locky Malware ... 40
Figure 4.45 Encrypting and Moving Files ... 40
Figure 4.46 Changing the System Wallpaper (Defacement) ... 40
Figure 4.47 Classification of the Cerber Malware ... 41
Figure 4.48 Modifying Network and Firewall Settings ... 42
Figure 4.49 Unpacking of the PE Header ... 42
Figure 4.50 Checking for Devices on the Network ... 43
Figure 4.51 Proxy Usage ... 43
Figure 4.52 Encrypting Files and Replacing the Wallpaper (Defacement) ... 43
Figure 4.53 Classification of the WannaCry Malware ... 44
Figure 4.54 WannaCry Malware Delaying Analysis ... 45
Figure 4.55 Hiding in the Recycle Bin ... 45
Figure 4.56 Deleting System Backup Data ... 46
Figure 4.57 Proxy Usage ... 46
Figure 4.58 Encryption of Files and Documents ... 46
Figure 4.59 Classification of the CryptoWall Malware ... 47
Figure 4.60 Loading a Missing DLL File ... 48
Figure 4.61 Storing Binary Data in the Windows Registry ... 48
Figure 4.62 Detecting Virtualisation and Performing a Debug Check ... 49
Figure 4.63 Unpacking the File and Accessing a Missing DLL ... 49
Figure 4.64 Capturing Keyboard Input History ... 50
Figure 4.65 Monitoring Specific Registry Keys ... 50
Figure 4.66 Detecting Virtualisation and Checking for a Debugger Process ... 50
Figure 4.67 Classification of the Petya Malware ... 51
Figure 4.68 Modifying and Infecting the Hard Disk Boot Sector ... 52
Figure 4.69 Writing to the Hard Disk ... 53
Figure 4.70 Proxy Usage ... 53
Figure 4.71 Forcing a System Shutdown ... 53

LIST OF TABLES

Table 2.1 Comparison of Sandbox Platform Features ... 8
Table 4.1 Description of Files Dropped by WannaCry ... 28
Table 4.2 MITRE ATT&CK Matrix for the Locky Malware ... 38
Table 4.3 MITRE ATT&CK Matrix for the Cerber Malware ... 42
Table 4.4 MITRE ATT&CK Matrix for the WannaCry Malware ... 45
Table 4.5 MITRE ATT&CK Matrix for the CryptoWall Malware ... 47
Table 4.6 MITRE ATT&CK Matrix for the Petya Malware ... 52
Table 4.7 Shared Malware Behaviours in Cuckoo Sandbox ... 54
Table 4.8 Shared Malware Behaviours in Joe Sandbox ... 55

LIST OF APPENDICES

Figure 1 Locky malware file information from Cuckoo Sandbox ... 59
Figure 2 Results of the malicious-action analysis of the Locky malware using Cuckoo Sandbox ... 59
Figure 3 Files dropped by the Locky malware, from Cuckoo Sandbox ... 59
Figure 4 Host network analysis results for the Locky malware using Cuckoo Sandbox ... 60
Figure 5 DNS network analysis results for the Locky malware using Cuckoo Sandbox ... 60
Figure 6 Cerber malware file information from Cuckoo Sandbox ... 60
Figure 7 Results of the malicious-action analysis of the Locky malware using Cuckoo Sandbox ... 61
Figure 8 System view after the Cerber malware successfully carried out its attack ... 61
Figure 9 Files dropped by the Cerber malware, from Cuckoo Sandbox ... 62
Figure 10 Host network analysis results for the Cerber malware using Cuckoo Sandbox ... 62
Figure 11 DNS network analysis results for the Cerber malware using Cuckoo Sandbox ... 62
Figure 12 WannaCry malware file information from Cuckoo Sandbox ... 63
Figure 13 Results of the malicious-action analysis of the WannaCry malware using Cuckoo Sandbox ... 63
Figure 14 Files dropped by the WannaCry malware, from Cuckoo Sandbox ... 63
Figure 15 Host network analysis results for the WannaCry malware using Cuckoo Sandbox ... 64
Figure 16 DNS network analysis results for the WannaCry malware using Cuckoo Sandbox ... 64
Figure 17 CryptoWall malware file information from Cuckoo Sandbox ... 64
Figure 18 Results of the malicious-action analysis of the CryptoWall malware using Cuckoo Sandbox ... 65
Figure 19 Host network analysis results for the CryptoWall malware using Cuckoo Sandbox ... 65
Figure 20 DNS network analysis results for the Locky malware using Cuckoo Sandbox ... 65
Figure 21 Petya malware file information from Cuckoo Sandbox ... 66
Figure 22 Results of the malicious-action analysis of the Petya malware using Cuckoo Sandbox ... 66
Figure 23 System view after the Petya malware carried out its attack ... 66
Figure 24 Host network analysis results for the Petya malware using Cuckoo Sandbox ... 67
Figure 25 DNS network analysis results for the Petya malware using Cuckoo Sandbox ... 67
Figure 26 Classification of the Locky malware from Joe Sandbox ... 67
Figure 27 MITRE ATT&CK Matrix for the Locky malware ... 68
Figure 28 Classification of the Cerber malware from Joe Sandbox ... 68
Figure 29 MITRE ATT&CK Matrix for the Cerber malware ... 69
Figure 30 Classification of the WannaCry malware from Joe Sandbox ... 69
Figure 31 MITRE ATT&CK Matrix for the WannaCry malware ... 70
Figure 32 Classification of the CryptoWall malware from Joe Sandbox ... 70
Figure 33 MITRE ATT&CK Matrix for the CryptoWall malware ... 71
Figure 34 Classification of the Petya malware from Joe Sandbox ... 71
Figure 35 MITRE ATT&CK Matrix for the Petya malware ... 72


PLAGIARISM CERTIFICATE