Author Topic: Malware Lab Setup for Static Analysis  (Read 4371 times)

0 Members and 1 Guest are viewing this topic.

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: Malware Lab Setup for Static Analysis
« Reply #15 on: January 16, 2016, 05:47:39 pm »
Gotcha. Thanks for the clarification.

Sent from my Nexus 6P using Tapatalk

Hi ducksauce88.

You got the impression from this tutorial, but keep in mind that I discussed here the possibilities of static analysis in a non-safe environment (no VM and no dedicated machine that you can roll back). There are some situations were you might need that.

The best is of course if you can use the safe environment for everything.
« Last Edit: January 23, 2016, 10:40:25 am by Deque »

Offline Racheltjie de Beer

  • Serf
  • *
  • Posts: 26
  • Cookies: -1
  • Everything Zen
    • View Profile
Re: Malware Lab Setup for Static Analysis
« Reply #16 on: January 22, 2016, 12:42:23 pm »
Hi Deque,

Thank you for an interesting article.

I'm pre-noob when it come to this subject mater but I've experience ppl acting very similar than some of the comments.

For a newbie, in this case, it sounds like a lot more work / reading / thinking to do static analysis than dynamic analysis.  [Insert argument to start at the wrong place first – I've heard it]  It makes logical sense to study something before pressing the on button, just ask the bomb squad.  In the dev environment, the newbies don't want to read up, read code, etc. They want to press run and see what happens, but they don't know what they are looking at because they don't know the underlying system. Soon they figure out that they will have to, in any case, work / reading / thinking.

Edit: (I've jump the gun, I saw your other tutorials)
A bit of topic… How do you receive these samples?
On email, USB stick etc?
How do you prevent it from executing just by receiving it? (I assume some malware can propagate like a virus)
« Last Edit: January 22, 2016, 12:53:45 pm by Racheltjie de Beer »
(Thinkn) x ∑1n (Search x Reading)

Offline deltonos

  • Serf
  • *
  • Posts: 36
  • Cookies: -2
    • View Profile
Re: Malware Lab Setup for Static Analysis
« Reply #17 on: January 22, 2016, 01:13:34 pm »
In the dev environment, the newbies don't want to read up, read code, etc. They want to press run and see what happens,



Thats sounds sad, but mostly around the world is true nowadays. I´m not a developer, but since last time of 90`s I had to deal with many "cakes" of malware. I know it gonna fuck me... but I want to know in what way (where it going to comunicate, what info will going to be stolen, etc). Antivirus, Endpoints protecctions and similars I think are mitigation, not for prevention.

Regards.

P.S Thanks @deque :)
« Last Edit: January 22, 2016, 01:14:35 pm by deltonos »

Offline Racheltjie de Beer

  • Serf
  • *
  • Posts: 26
  • Cookies: -1
  • Everything Zen
    • View Profile
Re: Malware Lab Setup for Static Analysis
« Reply #18 on: January 22, 2016, 01:44:16 pm »
...
 but I want to know in what way (where it going to comunicate, what info will going to be stolen, etc). Antivirus, Endpoints protecctions and similars I think are mitigation, not for prevention.
...

It was not curiosity that killed the cat, it was a little boy and a microwave...
In the 90, when you still could email exe, I made a simple "bomb" app to email to an idiot.  On load, kicked of a new thread to load the same app as a new process/program (each one needed to be killed separately).  On close did the same.  So I coded and compiled the thing and like a toad I pressed run on my PC (just to see what will happened). Guess I was the id10t

Win 95 crashed after loading 127 programs in 10 sec...

Any case, studying code will tell you almost all you need to know.  And I would try and do that first before testing the "unknown" interactions, like with Anti virus etc.
(Thinkn) x ∑1n (Search x Reading)