Malware Traffic Analysis with Wireshark - benjamin-s-hobbs/reading-notes GitHub Wiki

Malware Traffic Analysis with Wireshark

From: What is Malware Analysis? (accessed by Benjamin Hobbs on 68/20)

You just started a new job as a Malware Analyst. Explain your job responsibilities to a family member.
- I take the things that bad people use to twist and break people's computer's and I examine them to find a way to fix the computer, and to stop it from happening to other computers.
- If I did this for people, I might be thought of as a doctor of some sort.
What are the six steps of the Malware Analysis process? What’s a good mnemonic you can use to remember it?
1. Capture the malware
2. Build a malware lab
3. Install your tools
4. Record the baseline
5. Commence the investigation
6. Document the results
- A mnemonic that may assist with learning this is: To CAPTURE the flag, BUILD a fortress, then INSTALL your defenses. RECORD the battlefiefield as it is, COMMENCE the fight...when you prevail, they will sing songs that DOCUMENT your victory for thousands of years.
You are tasked with analyzing a new malware sample. Which type of malware analysis would you conduct first and why?
- Out of the four types of malware analysis (static, dynamic, manual, automated) I would choose a static anaylsis of a manual nature. A static review may show what the malicious nature of the malware is (and therefore wouldn't warrant further research). If further examination would be necessary and we still aren't sure about the malware's capabilities, breaking it down manually would help to learn more about it safely.