Read: Class 32 Malware Traffic Analysis with Wireshark

Sérgio Charruadas edited this page Jul 1, 2023 · 4 revisions

Based on the following articles:

What is Malware Analysis?

You just started a new job as a Malware Analyst. Explain your job responsibilities to a family member.

I would explain to the family member that as a Malware Analyst, my main responsibility is to analyze and investigate malicious software or malware. This involves inspecting malware code to understand how it works, what it does, and how to mitigate its threats. I investigate malware samples to determine their characteristics, functionality, origins, and potential impact. The goal is to gain insights that can help prevent future malware infections and cyberattacks. My work helps improve an organization's cybersecurity defenses and minimize security risks from malware.

What are the six steps of the Malware Analysis process? What’s a good mnemonic you can use to remember it?

The six steps are:

  • Capture the malware
  • Build a malware lab
  • Install your tools
  • Record the baseline
  • Commence your investigation
  • Document the results

A good mnemonic can be: CBITCD

  • C - Capture
  • B - Build
  • I - Install
  • T - Take
  • C - Commence
  • D - Document

You are tasked with analyzing a new malware sample. Which type of malware analysis would you conduct first and why?

The first type of analysis I would conduct is static malware analysis. This involves examining the malware's static properties, like file metadata, code structure, embedded resources, etc., without actually executing the malware.

I would start with static analysis first because it is the safest and fastest way to gather initial information about the malware sample. It can reveal basic details that help classify the malware and determine if it merits further dynamic analysis.
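As an added illustration of the static properties mentioned above (example code, not from the reading or the original page), the Python below performs a first, non-executing triage of a byte blob: hashes, file-type magic, a check that an MZ file really carries a PE signature, and embedded printable strings. The sample bytes, the `example.invalid` URL and the Windows path are constructed placeholders, not a real binary.

```python
import hashlib
import re

# Magic-byte signatures for a first, non-executing look at the file type.
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP archive (also Office/JAR/APK containers)",
}

def detect_type(data: bytes) -> str:
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"

def has_pe_header(data: bytes) -> bool:
    # For MZ files, e_lfanew (4 bytes at offset 0x3C, little-endian) points at "PE\0\0".
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    # Runs of printable ASCII; embedded URLs, paths and messages surface here.
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def static_triage(data: bytes) -> dict:
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": detect_type(data),
        "valid_pe": has_pe_header(data),
        "strings": extract_strings(data),
    }

# Constructed sample: a fake MZ stub whose e_lfanew points at a PE signature,
# followed by two embedded strings. Not a real binary; nothing is executed.
SAMPLE = bytearray(b"MZ" + b"\x00" * 0x3A)
SAMPLE += (0x40).to_bytes(4, "little")          # e_lfanew = 0x40
SAMPLE += b"PE\0\0"
SAMPLE += b"http://example.invalid/update\x00"
SAMPLE += b"C:\\Users\\Public\\run.log\x00"
SAMPLE = bytes(SAMPLE)

if __name__ == "__main__":
    for key, value in static_triage(SAMPLE).items():
        print(f"{key}: {value}")
```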

Things I want to know more about

After reading this overview of malware analysis, here are some areas I want to gain a deeper understanding of:

  • Advanced tools: I want to research and learn more about sophisticated malware analysis tools that can automate parts of the process and provide insightful reports. Understanding how to leverage the best tools will help maximize my effectiveness as a malware analyst.

  • Memory forensics: Memory analysis seems to be a crucial but complex part of the overall investigation. I want to explore techniques and tools that can extract useful information from malware's memory footprint.

  • Code reversal: Manual code reversal and static analysis of malware's logic seem pivotal to truly understanding its purpose and functionality. I want to develop these skills by practicing on real-world samples.