To find interesting malware I sometimes scroll through the public reports on the Triage sandbox website, where different users submit and execute their samples. I stumbled across the malware for this video because it had a high score but no family detected, which means that the Triage team has not yet written a family detection for it, so it has not been covered yet; that makes it quite interesting. Looking through the Triage detections we see the signatures that triggered to give it a high malicious score. These include elevation of privileges, detection of web-downloaded executables, and all kinds of data theft.
The initial inspection revealed that the malware triggers signatures such as granting administrative privileges, downloading files, and modifying firewall settings. The process tree shows file.exe as the starting point, leading to an intricate web of child processes including IEX flora.exe, which indicates multiple stages of malicious activity.