![]() ![]() ![]() Another issue is that if I haven’t performed some basic analysis I might be stepping through packed code and won’t actually get to analyze anything of interest. Without performing this initial gathering of evidence I would be reluctant to open the malware in 圆4dbg and start blindly stepping through assembly code. I can also get a rough idea of what the malware author’s goals may be in writing a malicious program, perhaps it’s financially motivated such as Ransomware, alternatively, it could be a RAT (Remote Access Trojan) that provides the bad guys with backdoor access to a network. From this, I can determine some key indicators of compromise (IOC’s) such as network traffic, files written to disk, and persistence mechanisms. This initial triage gives me an understanding of what the malware does when it compromises a device. When I use a tool such as 圆4dbg to reverse engineer malware I first make sure I have done some behavioral analysis of the binary first using some freely available tools. ![]() Reloading unwrapped malware into 圆4dbg.In this series, we’ll cover these 圆4dbg use cases: This article will serve as an 圆4dbg tutorial in which I will cover the methodology I use when reverse engineering malware and demonstrate how to use the tool to unpack a malware sample. In a previous blog post, I explained what 圆4dbg is and also broke down some of the features of the tool and why they are useful for malware analysis. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |