Malware Analysis
Malware
Malware is malicious software: any software designed to harm, exploit or destroy a computer system. Any software purposely built to compromise the integrity and safety of a system is called malware.
Types of Malware:
Viruses: replicate themselves and spread to other computers by attaching to programs or files.
Worms: replicate themselves and spread to other computers over the network.
Trojans: pose as legitimate software while carrying malicious code. Often used as a carrier for other malware and harmful functionality such as keyloggers or remote control (RAT).
Ransomware: encrypts the victim's files and demands payment.
Adware: displays unwanted advertisements.
Backdoor: leaves a hidden entry point so the attacker can come back later.
Banking malware: targets banking applications and leads to money being stolen.
Bot/Botnet: a machine infected by malware and controlled remotely (slave); a botnet is a network of such bots.
Rootkit: gains privileged/super-admin access without being detected (LOLbin). Remote root access to a computer.
Spyware: monitors the user's activities (passive action, versus a trojan).
-- Extra: downloader vs dropper
Downloader: only downloads the payload when it receives a command from the server.
Dropper: the payload is already embedded in the file.
Malware can spread through multiple mediums such as email attachments, downloaded files, or by exploiting vulnerabilities in application software or the operating system. Some malware is a combination of other types; WannaCry, for example, combines a worm and ransomware.
What is Malware Analysis
Malware analysis is the process of examining a malware sample to better understand its behaviour and capabilities. The objective is to understand how the malware works and how to detect and eliminate it. It involves analysing the suspect binary in a safe environment to identify its characteristics and functionality so that better defences can be built to protect an organisation's network.
Types of Malware Analysis
Static Analysis: in simple words, examining the malware without executing it. Reverse engineering is done here. (to be continued)
Dynamic Analysis: analysing the behaviour of the malware by running it on a system. (tbd)
Memory Analysis: analysing the computer's RAM for forensic artefacts to better understand the system after infection. It is also used to determine the stealth and evasion capabilities of the malware.
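As an added example (not part of the original notes), the following Python script shows what a first static-analysis pass looks like: it never executes the sample, it only reads its bytes. It hashes the file, checks for a PE header, measures byte entropy (packed or encrypted payloads tend to score close to 8 bits per byte), and pulls printable strings to spot URLs and Windows API names that are commonly seen in process-injection code. The sample bytes, the URL and the API watch-list are constructed for the demonstration and are not a real malware file.

```python
import hashlib
import math
import re
import struct

# Constructed stand-in for a suspect file: a minimal PE-shaped blob with a few
# planted strings and a high-entropy tail. Not a real executable; it exists
# only so the script runs offline.
SAMPLE = (
    b"MZ" + b"\x90" * 58 + struct.pack("<I", 0x80)    # DOS header, e_lfanew at 0x3C -> 0x80
    + b"\x00" * (0x80 - 64)                             # padding up to e_lfanew
    + b"PE\x00\x00" + b"\x00" * 20                      # PE signature, then filler
    + b"http://example.invalid/payload.bin\x00"         # constructed URL
    + b"CreateRemoteThread\x00" + b"VirtualAllocEx\x00" # planted API names
    + bytes(range(256)) * 2                             # high-entropy region
)

# Windows API names commonly seen together in process-injection code; this is
# a small illustrative watch-list, not an exhaustive signature.
SUSPICIOUS_APIS = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory", "URLDownloadToFileA"}
URL_RE = re.compile(r"https?://\S+")


def hashes(data: bytes) -> dict:
    """File hashes used to look the sample up in threat-intel feeds."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_pe(data: bytes) -> bool:
    """True if the bytes carry an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, up to 8.0 for uniform data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII, the same idea as the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data: bytes) -> dict:
    """Static triage report: nothing in here executes the sample."""
    strings = printable_strings(data)
    entropy = shannon_entropy(data)
    return {
        "hashes": hashes(data),
        "is_pe": is_pe(data),
        "entropy": round(entropy, 2),
        "urls": [s for s in strings if URL_RE.match(s)],
        "suspicious_apis": sorted(s for s in strings if s in SUSPICIOUS_APIS),
        "likely_packed": entropy > 7.0,   # rule of thumb, not proof of packing
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:16} {value}")
```

To use it on a real file, replace SAMPLE with the bytes read from disk; the output gives you the hashes to pivot on, a hint whether the file is packed (which decides whether dynamic or memory analysis is needed next), and the strings that most often point at network infrastructure or injection capability.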
Next will cover setting up the lab environment.