This is the first video in a series where we will reverse engineer the infamous WannaCry ransomware.

In this part, we look at how the killswitch built into WannaCry worked and what WannaCry does to establish persistence on a system. In the next videos, we will look at the ransomware and the worm module itself!

You can find the sample used in the video here. Please be careful not to run it on any important machine, though! The ZIP’s password is ghidra.ninja.

Wannacry.zip - SHA: ed49be9f798fec1b4320465053cb620bf296154a

You can find further resources on WannaCry here:

About the killswitch: