The goal of this lab is to conduct a basic static malware analysis. We obtained a malicious file named "factora.zip" from LetsDefend. LetsDefend warns not to open the file locally, so we handled it inside a REMnux VM. The objective is to analyze the file without executing it, focusing on understanding its characteristics.
Skills Learned
- Advanced comprehension of malware analysis fundamentals.
- Familiarity with static analysis techniques and tools.
- Understanding of file metadata extraction and interpretation.
- Recognition of suspicious keywords and patterns in malware files.
- Awareness of common vulnerabilities and potential exploitation methods.
Tools Used
- Remnux VM for malware analysis environment.
- Linux commands for file manipulation and analysis (e.g., `ls`, `sha256sum`).
- Analysis tools such as `exiftool` and `rtfdump.py` for metadata extraction.
- Online services like VirusTotal for hash analysis and threat intelligence.
Steps
- File Acquisition and Initial Assessment
- File Identification and Analysis
- Keyword and Object Analysis
- Vulnerability Assessment
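As an added example (not part of the lab writeup or LetsDefend's material), the script below performs the same static triage steps on a constructed RTF sample: it hashes the bytes as `sha256sum` would, counts object-related control words, and decodes the hex payload under `\objdata` to identify the embedded file by its magic bytes, the way `rtfdump.py` does, without executing anything. The sample RTF, the SUSPICIOUS list and the function names are assumptions.

```python
import hashlib
import re
from collections import Counter
# Constructed sample (not the lab's factora.zip): a minimal RTF carrying one
# embedded OLE object whose payload is hex-encoded under \objdata.
SAMPLE_RTF = (
    rb"{\rtf1\ansi"
    rb"{\object\objemb\objw100\objh100"
    rb"{\*\objclass Package}"
    rb"{\*\objdata 4d5a9000 deadbeef}}"
    rb"\par Hello}"
)
# Control words to count in triage (assumed list); \objupdate refreshes the object on open.
SUSPICIOUS = {b"object", b"objemb", b"objdata", b"objclass", b"objupdate"}

def sha256_of(data: bytes) -> str:
    """Same digest sha256sum prints; this is the value to look up on VirusTotal."""
    return hashlib.sha256(data).hexdigest()

def control_word_counts(data: bytes) -> dict:
    """Count RTF control words (backslash + letters) that are in SUSPICIOUS."""
    words = re.findall(rb"\\([a-z]+)", data)
    return {w.decode(): n for w, n in Counter(words).items() if w in SUSPICIOUS}

def extract_objdata(data: bytes) -> list:
    """Decode every \\objdata hex run to bytes; nothing is ever executed."""
    runs = re.findall(rb"\\\*\\objdata\s*([0-9a-fA-F][0-9a-fA-F\s]*)", data)
    return [bytes.fromhex(re.sub(rb"\s+", b"", r).decode()) for r in runs]

def classify_blob(blob: bytes) -> str:
    """Name the embedded payload from its magic bytes."""
    if blob.startswith(b"MZ"):
        return "PE executable (MZ header)"
    if blob.startswith(b"\xd0\xcf\x11\xe0"):
        return "OLE compound file"
    return "unknown"

def triage(data: bytes) -> dict:
    """Static summary an analyst records before any dynamic step."""
    blobs = extract_objdata(data)
    return {
        "sha256": sha256_of(data),
        "control_words": control_word_counts(data),
        "embedded": [(len(b), classify_blob(b)) for b in blobs],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_RTF).items():
        print(f"{key}: {value}")
```

On a real sample, feed the bytes of the extracted RTF to `triage()` and compare the `sha256` value with the VirusTotal report before going any further.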
Through this lab, we gained practical experience in conducting static malware analysis, enhancing our understanding of malware behavior and detection techniques. The skills acquired are valuable for identifying and mitigating potential security threats in real-world scenarios.