OlaleyeAyobami/Malware-Analysis-Lab

Malware Analysis Lab

Objective

The goal of this lab is to conduct a basic static malware analysis. We obtained a malicious file named "factora.zip" from LetsDefend. Despite the warning not to open it on a local machine, we handled it inside an isolated REMnux VM. The objective is to analyze the file without ever executing it, focusing on understanding its characteristics.

Skills Learned

  • Advanced comprehension of malware analysis fundamentals.
  • Familiarity with static analysis techniques and tools.
  • Understanding of file metadata extraction and interpretation.
  • Recognition of suspicious keywords and patterns in malware files.
  • Awareness of common vulnerabilities and potential exploitation methods.

Tools Used

  • Remnux VM for malware analysis environment.
  • Linux commands for file manipulation and analysis (e.g., ls, sha256sum).
  • exiftool for metadata extraction and rtfdump.py for inspecting the RTF structure and embedded objects.
  • Online services like VirusTotal for hash analysis and threat intelligence.

Steps

  1. File Acquisition and Initial Assessment:

    • Downloaded "factora.zip" from LetsDefend.

    • Extracted the archive using the password provided on the website.

    • Used Linux commands (ls, sha256sum) to inspect the extracted file and compute its SHA-256 hash for lookup on VirusTotal.

  2. File Identification and Analysis:

    • Identified the file as an RTF document and determined its size.

    • Used exiftool to extract metadata, including creation and access timestamps.

    • Employed rtfdump.py for further analysis of the RTF structure and content.

  3. Keyword and Object Analysis:

    • Scrutinized the file for suspicious keywords and embedded objects using rtfdump.py.

    • Investigated the identified objects and keywords for potential risks or exploitation.

  4. Vulnerability Assessment:

    • Discovered a Microsoft Equation 3.0 object, a component associated with the known Equation Editor vulnerabilities CVE-2017-11882 and CVE-2018-0802.

    • Acknowledged that the file could be crafted to exploit one of these vulnerabilities, which is why it was analyzed statically only.
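The triage the steps above describe, condensed into one script as an added example (this is not code from the lab repository, and rtfdump.py is not used here): hash the bytes, count object control words, read the class names from `\objclass` and from the OLE 1.0 header inside `\objdata`, and flag an Equation Editor object. The RTF sample is constructed inline and is not the factora file.

```python
import hashlib
import re

# Constructed sample: a tiny RTF carrying one embedded OLE object whose class
# name is Equation.3 (the marker found in the lab). It is NOT the factora file.
SAMPLE_RTF = (
    rb"{\rtf1\ansi{\object\objemb{\*\objclass Equation.3}"
    rb"{\*\objdata 01050000020000000b0000004571756174696f6e2e3300}}"
    rb"\par Hello}"
)

# Control words that mark embedded objects (rtfdump.py surfaces the same ones)
OBJECT_KEYWORDS = (b"\\object", b"\\objemb", b"\\objdata", b"\\objclass", b"\\objupdate")

def sha256_hex(data: bytes) -> str:
    """Same value sha256sum prints in step 1; this is what gets looked up on VirusTotal."""
    return hashlib.sha256(data).hexdigest()

def count_keywords(data: bytes) -> dict:
    r"""Count each object control word; the lookahead keeps \objemb from matching \object."""
    return {kw.decode(): len(re.findall(re.escape(kw) + rb"(?![a-z])", data))
            for kw in OBJECT_KEYWORDS}

def object_classes(data: bytes) -> list:
    r"""Class names declared in {\*\objclass ...} groups."""
    return [m.decode(errors="replace")
            for m in re.findall(rb"\\\*\\objclass\s+([^}]+)", data)]

def objdata_class_names(data: bytes) -> list:
    r"""Hex-decode each \objdata payload and read the class name from its OLE 1.0 header
    (4-byte version, 4-byte format id, 4-byte little-endian name length, then the name)."""
    names = []
    for blob in re.findall(rb"\\\*\\objdata\s*([0-9a-fA-F\s]+)", data):
        raw = bytes.fromhex(re.sub(rb"\s", b"", blob).decode())
        if len(raw) < 12:          # too short to hold a header: skip, do not crash
            continue
        name_len = int.from_bytes(raw[8:12], "little")
        names.append(raw[12:12 + name_len].rstrip(b"\x00").decode(errors="replace"))
    return names

def triage(data: bytes) -> dict:
    """Static triage verdict: an Equation Editor object is the CVE-2017-11882 / CVE-2018-0802 target."""
    classes = sorted(set(object_classes(data) + objdata_class_names(data)))
    return {"sha256": sha256_hex(data), "keywords": count_keywords(data), "classes": classes,
            "equation_editor_object": any(c.lower().startswith("equation") for c in classes)}

if __name__ == "__main__":
    print(triage(SAMPLE_RTF))
```

Run it against a real document with `triage(open(path, "rb").read())`; a hit on `equation_editor_object` is a reason to treat the file as malicious and keep it in the VM.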

Conclusion

Through this lab, we gained practical experience in conducting static malware analysis, enhancing our understanding of malware behavior and detection techniques. The skills acquired are valuable for identifying and mitigating potential security threats in real-world scenarios.
