Practical Malware Analysis (Introductory)

Hi folks, I have just started a series on PMA (Practical Malware Analysis). As an analyst, I would recommend building expertise in malware analysis. This blog is a quick recap of malware concepts from an analysis perspective. We will start from the basics and proceed towards the advanced level.

Introduction:

Malware (malicious software) is a binary written or deployed by threat actors (commonly called "hackers") to achieve their objectives. The objectives vary: they could be stealing data, or damaging or destroying an organization's systems.

  • Viruses
  • Worms
  • Trojan
  • Spyware
  • Adware
  • Ransomware

The names above are malware types, which are collectively called "malware". Let's jump into the main topic of this blog without going into the details of each type.

Malware Analysis:

Malware analysis is the process of understanding how a sample works: its execution flow, its behavior and its malicious activity. The results of the analysis help analysts detect and prevent the threat, and the same information can be used to attribute the malware to a specific threat actor. The main goal of malware analysis is to collect artifacts (hashes, strings, network indicators, dropped-file and registry paths, behavioral patterns) that can be used to build detection use cases.

Malware Analysis Techniques:

PMA (Practical Malware Analysis) discusses the following four techniques:

  • Basic static analysis

Basic static analysis is a quick first pass. The analyst's main focus is on collecting raw artifacts from the binary without executing it and, with the help of some basic tools, deciding whether the file is malicious or not. Artifacts include file hashes, strings, resources, PE headers, imported libraries and functions, embedded file paths and command lines. Analysts can then use these artifacts for OSINT, for example looking up the hash or a contacted domain in threat-intelligence sources.
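To make the triage concrete, here is an added example (not code from PMA or from this blog's author) that performs a basic static pass with nothing but the Python standard library: it hashes the file, extracts printable strings, parses the DOS/COFF headers and section table, computes per-section entropy to spot packed data, and pulls out URLs and a hypothetical watch-list of API names worth pivoting on. The input is a constructed PE-shaped blob built inside the script so it runs offline; it is not a real executable, and the `c2.example.invalid` URL and `SUSPICIOUS_APIS` list are illustrative assumptions.

```python
"""Basic static triage of a PE file: hashes, strings, header fields, section entropy."""
import hashlib
import math
import re
import struct
from collections import Counter
from datetime import datetime, timezone

# Hypothetical watch-list of API names that commonly show up in injection/download code.
SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
                   "URLDownloadToFileA", "WinExec", "ShellExecuteA"}
URL_RE = re.compile(r"https?://[^\s\"']+")
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: ~8.0 means packed/encrypted data, plain code is usually 5-7."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs, like the `strings` tool (no UTF-16 pass here)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header, COFF header and section table (PE/COFF spec layout)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file: missing MZ")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sections = []
    for i in range(nsec):
        off = coff + 20 + opt_size + i * 40       # section table follows the optional header
        name, _, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "virtual_address": vaddr, "raw_size": rawsize,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": MACHINES.get(machine, hex(machine)),
            "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
            "is_dll": bool(chars & 0x2000),      # IMAGE_FILE_DLL
            "sections": sections}


def analyze(data: bytes) -> dict:
    """Collect the artifacts an analyst would pivot on during basic static analysis."""
    strings = extract_strings(data)
    report = {"md5": hashlib.md5(data).hexdigest(),
              "sha256": hashlib.sha256(data).hexdigest(),
              "pe": parse_pe(data),
              "urls": [u for s in strings for u in URL_RE.findall(s)],
              "suspicious_apis": sorted(set(strings) & SUSPICIOUS_APIS),
              "string_count": len(strings)}
    report["packed_sections"] = [s["name"] for s in report["pe"]["sections"] if s["entropy"] > 7.0]
    return report


def build_sample() -> bytes:
    """Constructed PE-shaped blob (not runnable code) so the script works offline."""
    text = (b"\x00" * 16 + b"kernel32.dll\x00CreateRemoteThread\x00"
            b"http://c2.example.invalid/gate.php\x00").ljust(0x200, b"\x00")
    rsrc = bytes(range(256)) * 2                  # uniform bytes -> entropy 8.0, "packed"
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1700000000, 0, 0, 224, 0x0102)
    opt = b"\x0b\x01".ljust(224, b"\x00")         # PE32 magic, remaining fields zeroed

    def sec(name, vaddr, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, rawptr, 0, 0, 0, 0, 0)

    headers = (b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40) + b"PE\x00\x00" + coff + opt
               + sec(b".text", 0x1000, 0x200) + sec(b".rsrc", 0x2000, 0x400))
    return headers.ljust(0x200, b"\x00") + text + rsrc


SAMPLE = build_sample()

if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE), indent=2))
```

Against a real sample, replace `SAMPLE` with `Path(sys.argv[1]).read_bytes()`; the hashes go straight into an OSINT lookup, the high-entropy section list tells you whether to expect a packer before wasting time on imports, and the strings/URL hits are the first pivots for the dynamic stage.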

  • Basic dynamic analysis

Basic dynamic analysis is a quick analysis that observes the behavior of malware by executing it (also called run-time analysis). Analysts typically move to this approach when basic static analysis reaches a dead end, for example when the sample is packed or its strings are obfuscated. Unlike static analysis, dynamic analysis shows what the sample actually does on the system: the processes it spawns, the files and registry keys it writes, and the network connections it makes. Dynamic analysis is performed in an isolated sandbox environment, which we will cover in upcoming blogs.
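The core of basic dynamic analysis is "baseline, detonate, diff", which is what tools such as Regshot automate. The following added example (not code from PMA or from this blog's author) implements that loop for the file system only: it hashes every file under a directory, runs the sample, hashes again and reports what was created, modified or deleted. Because a real sample must never be run outside an isolated sandbox, the "sample" here is a constructed Python callable that drops a file, edits a hosts file and deletes a document; the directory contents and the `av-vendor.example.invalid` hostname are likewise constructed.

```python
"""Baseline-and-diff harness: the core loop of basic dynamic analysis (file system only)."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root to its SHA-256 so changes can be diffed later."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify paths as created, deleted or modified between two snapshots."""
    return {"created": sorted(set(after) - set(before)),
            "deleted": sorted(set(before) - set(after)),
            "modified": sorted(k for k in before.keys() & after.keys() if before[k] != after[k])}


def run_and_diff(root: Path, detonate) -> dict:
    """Take a baseline, run the sample (a callable stand-in here), snapshot again and diff."""
    before = snapshot(root)
    detonate(root)
    return diff_snapshots(before, snapshot(root))


def fake_sample(root: Path) -> None:
    """Constructed stand-in for a detonated sample: drops a file, edits hosts, deletes a doc."""
    (root / "AppData" / "dropper.exe").write_bytes(b"MZ" + b"\x90" * 64)
    (root / "hosts").write_text("127.0.0.1 localhost\n0.0.0.0 av-vendor.example.invalid\n")
    (root / "notes.txt").unlink()


def demo() -> dict:
    """Build a throwaway 'victim' directory, detonate the stand-in, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "AppData").mkdir()
        (root / "AppData" / "config.ini").write_text("[app]\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "notes.txt").write_text("keep me\n")
        return run_and_diff(root, fake_sample)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a real sandbox the same pattern is applied to the registry, the process list and network connections, and the snapshot is taken of the whole guest rather than one directory; the diff output (the dropped path, the modified hosts file) becomes the artifact list fed back into detection use cases.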

  • Advanced static analysis:

Advanced static analysis is a complex approach for most analysts. It involves reverse engineering the malware with a disassembler to understand the actual instructions the program executes, without running it.

  • Advanced dynamic analysis:

In advanced dynamic analysis, analysts run the malware under a debugger to collect detailed artifacts and uncover its malicious intent step by step, for example by observing decrypted strings or configuration as they appear in memory. We will discuss this in detail in later blogs.

Conclusion:

This article concludes without covering the detailed concepts of malware analysis. I hope readers have recapped their basic concepts of malware analysis and are prepared for the upcoming series, which will be more insightful.

