INTRODUCTION TO MALWARE ANALYSIS
Hussein Muhaisen AKA System Exploited
2. WHAT IS MALWARE?
• Malware is a binary that performs malicious activities
• Malware is used by attackers to perform malicious actions and to gain control over their targets or spy on them
• RATs, keyloggers, ransomware: these are all examples of malware that are widely common and in use nowadays
3. TYPES OF MALWARE
• Virus or Worm: Malware that is capable of copying itself and spreading to other computers. A virus needs user intervention, whereas a worm can spread without user intervention
• Trojan: Malware that disguises itself as a regular program to trick users into installing it on their systems. Once installed, it can perform malicious actions such as stealing sensitive data, uploading files to the attacker's server, or monitoring webcams
• Backdoor / Remote Access Trojan (RAT): A type of Trojan that enables the attacker to gain access to and execute commands on the compromised system
• Botnet: A group of computers infected with the same malware (called bots), waiting to receive instructions from the command-and-control server controlled by the attacker. The attacker can then issue a command to these bots, which can perform malicious activities such as DDoS attacks
• Ransomware: Malware that holds the system for ransom by locking users out of their computer or by encrypting their files
• Rootkit: Malware that provides the attacker with privileged access to the infected system and conceals its presence or the presence of other software
4. WHAT IS MALWARE ANALYSIS
• Malware analysis is the process of analyzing a malware sample in order to extract as much information from it as possible. Malware analysis is really important because understanding how the malware functions, how it spreads, and the type of malware used helps us defend against future attacks
5.
• Static analysis: The process of analyzing malware without executing it. The main goal is to extract as much information as possible. Example: strings
• Dynamic analysis: The process of analyzing the malware and how it functions by executing it. The purpose of this process is to see what the malware does and how it behaves
• Code analysis: The process of reverse engineering the malware; basically, this process is analyzing how the malware is written
• Behavioral analysis: The process of monitoring the malware after execution. The purpose of this process is to monitor every process that the malware modifies or communicates with. Examples: registry entries and network packets
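The "strings" step of static analysis, as an added example that is not part of the original deck: it pulls printable ASCII and UTF-16LE runs out of a byte buffer (Windows binaries store many strings as wide characters, which a plain ASCII pass misses) and gives each one a rough triage label. The SAMPLE bytes, the URL and the file path are constructed placeholders, not from any real sample.

```python
import re
from typing import Dict, List, Tuple

MIN_LEN = 4

# Constructed stand-in for a binary: a fake header, non-printable filler,
# and the kinds of strings a static pass surfaces (ASCII and UTF-16LE).
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"http://example.invalid/update.bin\x00"
    + b"\x01\x02\x03"
    + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00\xff\xfe"
    + b"C:\\Users\\Public\\svc.exe\x00"
    + b"ab\x00"  # shorter than MIN_LEN, so it is not reported
)


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of >= min_len chars.

    Finds plain ASCII runs and UTF-16LE runs (printable byte followed by a
    NUL byte), similar to running the `strings` tool twice, once with -e l.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    return sorted(found)


def classify(text: str) -> str:
    """Rough triage label so an analyst can look at the interesting strings first."""
    low = text.lower()
    if low.startswith(("http://", "https://")):
        return "url"
    if low.startswith(("hkey_", "software\\", "system\\")):
        return "registry"
    if re.match(r"^[a-z]:\\", low):
        return "path"
    return "other"


def triage(data: bytes) -> Dict[str, List[str]]:
    """Group the recovered strings by label."""
    buckets: Dict[str, List[str]] = {}
    for _offset, _encoding, text in extract_strings(data):
        buckets.setdefault(classify(text), []).append(text)
    return buckets


if __name__ == "__main__":
    for offset, encoding, text in extract_strings(SAMPLE):
        print(f"{offset:#08x} {encoding:8} {classify(text):8} {text}")
```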
6. WHAT'S NEXT?
• Set up a dedicated, isolated environment for analyzing malware
• Learn Windows internals and Linux internals, and how computers work in general
• Learn / understand programming, mostly assembly and C/C++, and Java
• Understand network fundamentals
• Understand the operating system architecture
7. THANK YOU <3