Every computer user understands the importance of cybersecurity today, and businesses must work hard to protect themselves against malicious attacks.
But what happens when you are on the receiving end of one?
From phishing scams to ransomware, malware has become more sophisticated than ever, and catching it in the act can seem impossible without the right tooling.
What kind of response does an organization like yours need to have ready when an attack arrives from outside?
To understand how malware analysis works, it’s important to know the basics behind how hackers operate and what they hope to accomplish with their attacks.
Once I’ve collected a malware sample, the first thing I check is whether it carries anti-VM (anti virtual machine) or other anti-analysis logic. Malware that detects a sandbox or virtual machine will often exit early or behave benignly there, so a sample that looks harmless inside a VM is not necessarily harmless. The usual tell-tales are strings naming hypervisor artefacts (VirtualBox guest services, VMware Tools, QEMU device names, sandbox DLLs) and checks on CPU or hardware identifiers. If those are present, the sample has to be run on bare metal, or in an environment that hides those artefacts, before any dynamic behaviour can be trusted.
The amount of time I spend on this initial triage depends on how suspicious the sample looks; if nothing jumps out at me, I make notes and move on to something else, then come back for another look later.
This stage can also consist of reading documentation or whitepapers that others have written about similar malware, to get an idea of what its capabilities might be.
In-depth Examination: In most cases it is difficult for a user to tell whether their computer is infected at all. This is where stage two comes in.
For every sample collected from your client, dig deeper and identify the attack method (how it was delivered and launched), how it is obfuscated or packed, where it wants to send information or files (its command-and-control addresses, if any), and its overall behaviour: what it drops, what it changes and what it keeps running.
The Eye Opener – Analysis: In the third stage we use tooling that searches the sample for hidden text and encoded data: printable strings, base64- or XOR-encoded blobs, and the URLs, IP addresses and registry paths that only become visible once that encoding is undone.
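As an added illustration of the checks described in stage one (the anti-VM indicator scan) and stage three (the search for hidden text and encoded data), here is a small static triage script. It is example code written for this page, not the author's tooling: the "binary" is a constructed byte string (SAMPLE_BLOB, with a hypothetical C2 URL and an address from the TEST-NET-2 range), and the indicator and keyword lists are assumptions you would extend for a real case.

```python
"""Static triage helpers: strings, anti-VM indicators, encoded data, IOCs.
Added example, not the author's tooling. SAMPLE_BLOB is a constructed
byte string standing in for a suspicious binary; it is not real malware."""
import base64
import re
from collections import defaultdict

# Artefacts malware commonly looks for to detect a VM or sandbox
# (guest-addition services, hypervisor tool names, Sandboxie's DLL).
ANTI_VM_INDICATORS = (
    "vboxservice", "vboxtray", "vboxguest", "vboxmouse", "vboxhook",
    "vmtoolsd", "vmwareuser", "vmware", "qemu", "sbiedll",
)
# Plaintext fragments that, if they appear after undoing a single-byte
# XOR, strongly suggest we found the right key (assumed list).
XOR_KEYWORDS = ("http", "Software\\", ".exe", ".dll", "cmd.exe")

B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
URL_RE = re.compile(r"https?://[\w./?=&%-]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample (hypothetical): a fake DOS header, one benign import
# name, an anti-VM process check, a base64-hidden C2 URL, a plaintext
# IP from TEST-NET-2, and a registry Run key XORed with 0x5A.
XOR_KEY = 0x5A
SAMPLE_URL = b"http://c2.example.invalid/gate.php"
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"kernel32.dll\x00"
    + b"VBoxService.exe\x00"
    + b"\x01\x02\x03"
    + base64.b64encode(SAMPLE_URL) + b"\x00"
    + b"198.51.100.7\x00"
    + bytes(b ^ XOR_KEY for b in b"Software\\Microsoft\\Windows\\CurrentVersion\\Run")
    + b"\x00" * 4
)


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return every run of printable ASCII at least min_len bytes long."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

def find_anti_vm_indicators(strings: list[str]) -> list[str]:
    """Strings containing a known VM/sandbox artefact (case-insensitive)."""
    return [s for s in strings
            if any(ind in s.lower() for ind in ANTI_VM_INDICATORS)]

def decode_base64_strings(strings: list[str]) -> list[str]:
    """Decode base64-looking strings, keeping those that yield ASCII text."""
    decoded = []
    for s in strings:
        if not B64_RE.match(s):
            continue
        try:
            raw = base64.b64decode(s, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and all(0x20 <= b < 0x7F for b in raw):
            decoded.append(raw.decode("ascii"))
    return decoded

def single_byte_xor_hits(data: bytes) -> dict[int, list[str]]:
    """Try all 255 non-zero single-byte XOR keys; report keys exposing a keyword."""
    hits = defaultdict(list)
    for key in range(1, 256):
        plain = bytes(b ^ key for b in data)
        for s in extract_strings(plain):
            if any(kw in s for kw in XOR_KEYWORDS):
                hits[key].append(s)
    return dict(hits)

def extract_iocs(strings: list[str]) -> dict[str, list[str]]:
    """Pull URLs and IPv4 addresses out of recovered strings."""
    urls, ips = set(), set()
    for s in strings:
        urls.update(URL_RE.findall(s))
        ips.update(IPV4_RE.findall(s))
    return {"urls": sorted(urls), "ips": sorted(ips)}

def triage(data: bytes) -> dict:
    """Run all checks and return one report; the analyst decides what it means."""
    strings = extract_strings(data)
    decoded = decode_base64_strings(strings)
    xor_hits = single_byte_xor_hits(data)
    revealed = strings + decoded + [s for hs in xor_hits.values() for s in hs]
    return {
        "anti_vm": find_anti_vm_indicators(strings),
        "decoded_base64": decoded,
        "xor_keys": sorted(xor_hits),
        "xor_hits": xor_hits,
        "iocs": extract_iocs(revealed),
    }

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_BLOB), indent=2))
```

Running it prints the report for the constructed sample: the VBoxService.exe string lands in anti_vm, the base64 string decodes to the C2 URL, key 0x5A is reported because undoing it exposes the Run key path, and both the URL and the IP show up under iocs. A hit in anti_vm is the cue that behaviour observed in a stock VM cannot be trusted; a recovered XOR key tells you which decoder routine to look for in the code. String-level indicators only catch the obvious checks, though: CPUID, timing and hardware-ID based VM detection needs disassembly or a debugger to find.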
In some cases it can take days to work through every layer of packing, obfuscation and anti-analysis checks before we can say whether a particular piece of hardware is carrying hidden malware or not.
There are many such hurdles to take into account before we even begin the analysis proper.