401d8 read 32 - carlosjorr/reading-notes GitHub Wiki

Malware Traffic Analysis with Wireshark

You just started a new job as a Malware Analyst. Explain your job responsibilities to a family member.

It's like being a digital detective. When a malicious program turns up on a computer, I take it apart to find out how it works: how it got in, what it changes on the machine, what it talks to over the network, and how to recognise it. I study its behavior, structure, and methods so we can neutralize it, clean it up, and stop it from getting in again. It's like solving puzzles in the virtual world!

What are the six steps of the Malware Analysis process? What’s a good mnemonic you can use to remember it?

Six Steps of the Malware Analysis Process:

Reconnaissance: Gathering context about the sample, such as where it came from, how it was delivered, and any related indicators (hashes, domains, IP addresses) already known from threat intelligence.

Static Analysis: Examining the file without executing it: file type, hashes, embedded strings, imported functions, and signs of packing or obfuscation.

Dynamic Analysis: Running the malware in an isolated, instrumented environment to observe what files it creates or modifies, what registry or persistence changes it makes, and what network connections it opens (captured with a tool such as Wireshark).

Code Analysis: Reverse engineering the disassembled or decompiled code (source is rarely available) to understand its functions, the vulnerabilities or techniques it uses, and any logic that only triggers under specific conditions.

Behavior Analysis: Correlating everything observed into a picture of what the malware is for and what its impact is on the host and the network, for example data theft, lateral movement, or beaconing to a command-and-control server.

Reporting: Documenting the findings, describing the malware's behavior and indicators, and providing recommendations for detection, protection, and mitigation.

Mnemonic for Remembering the Six Steps:

Remembering the six steps can be made easier with a mnemonic whose initials follow the order above: "Really Sneaky Dogs Can Bite Rapidly" stands for Reconnaissance, Static Analysis, Dynamic Analysis, Code Analysis, Behavior Analysis, Reporting.

You are tasked with analyzing a new malware sample. Which type of malware analysis would you conduct first and why?

If I'm tasked with analyzing a new malware sample, the first type of analysis I would conduct is static analysis. This involves examining the file's structure and contents without running it, so nothing can execute and infect the analysis machine. It identifies characteristics such as the file type, hashes (for looking the sample up and for the report), embedded strings like URLs, IP addresses and registry keys, imported functions that hint at injection or downloading, and whether the sample is packed or encrypted. By understanding these static aspects we can gain early insight into the malware's likely purpose and devise an initial detection and containment strategy. The caveat is that a packed or heavily obfuscated sample reveals very little statically; in that case the findings simply narrow down what to watch for during dynamic analysis, which is the next step and shows how the malware actually behaves when executed in an isolated sandbox.