Dangers of Analysing Malware Samples

WARNING: Handling a malware sample is dangerous. Always take precautions while analysing it. [1]

  • Always assume that a malware sample will infect your device; hence executing it is not always the first or only step in analysing it.
  • Only run the malware sample in a controlled environment that prevents potential compromise of unwanted assets.
  • It is always recommended to have your own sandbox, which allows worry-free execution of malware samples.

Two Methods of Analysis

  • Static Analysis [1]
    • analysing a malware sample without executing the code
    • analysing the binaries and searching for strings
    • Tools:
      • Strings
      • Detect It Easy (DIE)
      • CAPA detects capabilities in executable files
        • if the malware is packed, try to unpack it with UPX and run CAPA again
  • Dynamic Analysis [1]
    • understanding the malware by executing it in a safe environment
    • Tools:
      • ProcMon, a Windows tool that shows real-time registry, file system, and process/thread activity
        • start the application and filter for Process Name like …exe
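The static-analysis step above (Strings, DIE, CAPA, and checking whether the sample is UPX-packed) as a small worked example. This is added example code, not part of the original notes or of any of the tools named: it walks the PE headers to list section names, flags the default UPX0/UPX1 section names as a packing hint, and extracts ASCII and UTF-16LE strings. The PE image it runs on is constructed inline with `build_sample_pe` (a hypothetical helper), and the URL inside it is a placeholder, not a real indicator.

```python
"""Static triage helpers: list PE section names, flag UPX-style packing, and
pull printable strings, the way the Strings / DIE / CAPA step does by hand.
Added example, not from the original notes."""
import re
import struct

COFF_HEADER = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp,
                                 # PointerToSymbolTable, NumberOfSymbols,
                                 # SizeOfOptionalHeader, Characteristics
SECTION_HEADER = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData,
                                 # PointerToRawData, PointerToRelocations,
                                 # PointerToLinenumbers, NumberOfRelocations,
                                 # NumberOfLinenumbers, Characteristics


def build_sample_pe(section_names, payload):
    """Construct a minimal PE image (constructed test data, not a real binary):
    DOS header, PE signature, COFF header with no optional header, one section
    header per name, then the payload bytes as the raw section data."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_HEADER, 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    raw_offset = (e_lfanew + 4 + struct.calcsize(COFF_HEADER)
                  + struct.calcsize(SECTION_HEADER) * len(section_names))
    sections = b"".join(
        struct.pack(SECTION_HEADER, name.encode("ascii"), len(payload), 0x1000,
                    len(payload), raw_offset, 0, 0, 0, 0, 0xC0000040)
        for name in section_names)
    return dos_header + b"PE\x00\x00" + coff + sections + payload


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER, data, coff_off)
    sec_off = coff_off + struct.calcsize(COFF_HEADER) + opt_size
    names = []
    for i in range(nsections):
        (raw,) = struct.unpack_from("<8s", data, sec_off + i * struct.calcsize(SECTION_HEADER))
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(section_names):
    """UPX names its sections UPX0/UPX1 by default. A renamed section will not
    trigger this, which is why DIE and an entropy check are still worth running."""
    return any(n.startswith("UPX") for n in section_names)


def extract_strings(data, min_len=4):
    """ASCII and UTF-16LE runs of printable characters, like `strings` and `strings -e l`."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found


def static_triage(data):
    """Combine the three checks into one report dict."""
    sections = pe_section_names(data)
    return {"sections": sections,
            "upx_packed": looks_upx_packed(sections),
            "strings": extract_strings(data)}


# Constructed sample: UPX-style section names plus a few recognisable strings.
SAMPLE = build_sample_pe(
    ["UPX0", "UPX1"],
    b"This program cannot be run in DOS mode\x00"
    + b"http://example.invalid/stage2\x00"          # placeholder URL, not a real IoC
    + "kernel32.dll".encode("utf-16le") + b"\x00\x00")

if __name__ == "__main__":
    report = static_triage(SAMPLE)
    print("sections:", report["sections"], "packed:", report["upx_packed"])
    for s in report["strings"]:
        print("  ", s)
```

Run it on a real file with `static_triage(open(path, "rb").read())`. The section-name check is only a hint: the notes' own advice (try `upx -d`, then run CAPA again) still applies whether or not the names match, and a packer that renames its sections is exactly the case DIE is there to catch.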
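The dynamic-analysis step above (run the sample in the sandbox, then filter ProcMon by process name) as an added example, not code from the original notes or from ProcMon itself. It summarises a ProcMon CSV export offline: rows are kept only for the chosen process name (case-insensitive, like the UI filter), counted per activity class the notes list (registry, file system, process/thread, plus network), and successful writes are collected, with any that land under a Run key flagged as an autostart-persistence indicator. The column layout is assumed to match ProcMon's default CSV export; every row in `SAMPLE_CSV` is constructed, not a real capture.

```python
"""Offline summary of a ProcMon CSV export, filtered to one process name the
way the 'Process Name' filter in the ProcMon UI is. Added example, not from
the original notes; the column layout is assumed to match ProcMon's default
CSV export, and every row below is constructed, not a real capture."""
import csv
import io
from collections import Counter

SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0001","sample.exe","4120","Process Start","C:\Users\lab\Desktop\sample.exe","SUCCESS","Parent PID: 2100"
"10:01:02.0050","sample.exe","4120","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x7ffb0000"
"10:01:02.1200","sample.exe","4120","CreateFile","C:\Users\lab\AppData\Roaming\upd.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.1300","sample.exe","4120","WriteFile","C:\Users\lab\AppData\Roaming\upd.exe","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.2000","sample.exe","4120","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: Set Value"
"10:01:02.2100","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd","SUCCESS","Type: REG_SZ, Data: C:\Users\lab\AppData\Roaming\upd.exe"
"10:01:02.3000","explorer.exe","1234","RegQueryValue","HKCU\Software\Classes\exefile","SUCCESS","Type: REG_SZ"
"10:01:02.4000","sample.exe","4120","Process Create","C:\Users\lab\AppData\Roaming\upd.exe","SUCCESS","PID: 4200"
"10:01:03.0000","sample.exe","4120","TCP Connect","lab-vm:49700 -> 203.0.113.5:443","SUCCESS","Length: 0"
""".strip()

PROCESS_OPS = {"Process Start", "Process Create", "Process Exit",
               "Thread Create", "Thread Exit", "Load Image"}
WRITE_OPS = {"WriteFile", "RegSetValue", "RegCreateKey", "SetDispositionInformationFile"}
RUN_KEY_MARKER = r"\CurrentVersion\Run"   # HKCU/HKLM ...\CurrentVersion\Run autostart keys


def classify(operation):
    """Map a ProcMon operation name to the activity class the notes list."""
    if operation.startswith("Reg"):
        return "registry"
    if operation.startswith(("TCP ", "UDP ")):
        return "network"
    if operation in PROCESS_OPS:
        return "process"
    if "File" in operation:
        return "filesystem"
    return "other"


def summarize_procmon(csv_text, process_name):
    """Keep only rows for `process_name` (case-insensitive, like the UI filter),
    count them per activity class, and collect successful write operations,
    flagging any that land under a Run key (autostart persistence)."""
    counts = Counter()
    writes = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        counts[classify(row["Operation"])] += 1
        if row["Operation"] in WRITE_OPS and row["Result"] == "SUCCESS":
            writes.append((row["Operation"], row["Path"]))
    return {
        "events": sum(counts.values()),
        "by_category": dict(counts),
        "writes": writes,
        "run_key_writes": [p for op, p in writes
                           if op.startswith("Reg") and RUN_KEY_MARKER.lower() in p.lower()],
    }


if __name__ == "__main__":
    report = summarize_procmon(SAMPLE_CSV, "sample.exe")
    print(report["events"], "events:", report["by_category"])
    for op, path in report["writes"]:
        print(f"  {op:12} {path}")
    print("Run key writes:", report["run_key_writes"])
```

To use it on a real run, export the ProcMon capture as CSV (File > Save, CSV format) and pass the file contents to `summarize_procmon` with the sample's process name. The dropped file, the Run-key value pointing at it, and the child process it spawns are the kind of chain the notes' "filter for Process Name" step is meant to surface.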

References