Help With Malware Analysis


Hi, I need help with a time sensitive assignment on malware analysis.

Erica runs Palindrome Consulting and good news, you work there. A law enforcement agency has asked Palindrome to analyze two files of questionable virtue and you’re just the person for the job! Perform a dynamic and static analysis of these files which will prove or disprove their status as malware.

For this assignment, you’ll want either a 32-bit version of Linux or some 32-bit libraries installed; otherwise, running a 64-bit version of Linux when trying to perform the dynamic analysis will result in an error message such as “unable to execute ./foo: No such file or directory” even when foo is in your path. You can either use a 32-bit Linux or install some 32-bit shared libraries, which have worked in the past:

sudo aptitude install libc6:i386

Background:
You’re a contractor working at the prestigious firm of

Palindrome Consulting, Inc

575 Tattarrattat Drive
Oktahatko, FL 32423

Your boss, Erica Wilde, has assigned you a case to analyze two files of a questionable nature. Law enforcement recovered the files from a workstation at Reynholm Industries after their IT department noticed curious traffic across their network originating from the workstation. The lead investigator indicated that his team believes the software was the origin of this traffic after a cursory look, but has contacted Palindrome to identify specifically what the software is and how it works.

Your task:
Conduct both a static and dynamic analysis of the two files. Report the procedures you used, the results, and, if it is in fact malware, the possible legal implications of the files’ use. (That’s in bold for a reason and still some leave this out!)

Conduct your analysis within a virtual machine only.

If, IF, the files are malware, let’s just say they may be gimped, but make sure that the VM you use for the analysis is set to a host-only network after you download the files to your VM, just in case. As a bonus, that’s good incident response and forensic practice, as you do not know what the software would do once executed.

Deliverable:
Conduct your analysis and provide a written report (.pdf preferred or .doc format).

  • Analysis Overview
    • Written in non-technical terms, describing the purpose of the software and the legal implications of someone having and using the software. Provide an example or two of incidents where such software has been used. This section should be titled “Analysis Overview.”
  • Technical Section
    • A complete, specific, and detailed explanation of the results of your static and dynamic analysis.
    • Do not include all of the results for the longer, more detailed outputs such as lsof and strace, but a few screenshots that point out the ‘interesting’ parts of the results that assisted you in identifying what the software does (open ports? open files? etc.). This section should be titled ‘Technical Section.’
  • For each command you run you need to describe:
    • What you were doing
    • Why you were doing it / what was the objective
    • An interpretation of the results
  • If you just provide a screenshot of your commands and results with no interpretation, there will be 0 credit given 🙁
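Added example (not part of the original post or the assignment): before running a sample, check whether it is a 32-bit or 64-bit ELF and whether the dynamic loader it needs is present. The “unable to execute ./foo: No such file or directory” message the assignment warns about comes from the kernel failing to find the ELF interpreter (the loader) named inside the binary, not from the binary itself being missing, which is why a 32-bit sample fails on a 64-bit host until libc6:i386 is installed. The loader paths below are the usual glibc defaults on x86 Linux and are an assumption; the sample header is constructed inline.

```bash
#!/bin/sh
# Added example, not code from the original post. Checks an ELF sample's
# class (32/64-bit) and whether the matching loader exists, so the
# "No such file or directory" symptom can be diagnosed before dynamic analysis.

# Print 32, 64 or unknown from the EI_CLASS byte (offset 4) of an ELF file.
elf_class() {
    magic=$(od -An -N4 -tx1 "$1" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo unknown; return 1; }
    case $(od -An -j4 -N1 -tu1 "$1" | tr -d ' ') in
        1) echo 32 ;;
        2) echo 64 ;;
        *) echo unknown; return 1 ;;
    esac
}

# Loader each class needs on an x86 Linux host (assumed glibc default paths).
loader_for() {
    case "$1" in
        32) echo /lib/ld-linux.so.2 ;;
        64) echo /lib64/ld-linux-x86-64.so.2 ;;
        *)  return 1 ;;
    esac
}

# Return 0 if the sample's loader is installed, 1 if execve() would fail
# with ENOENT (the exact error the assignment describes).
can_run() {
    cls=$(elf_class "$1") || return 1
    test -e "$(loader_for "$cls")"
}

# Constructed sample: the 16-byte ELF identification (e_ident) of a
# 32-bit little-endian binary. Not a real program, just enough to exercise
# the checks above offline.
make_sample_header() {
    printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000' > "$1"
}

# Usage on a downloaded sample (run inside the host-only VM):
#   cls=$(elf_class ./foo) && echo "ELF class: $cls, needs $(loader_for "$cls")"
#   can_run ./foo || echo "install the 32-bit loader/libc (libc6:i386) first"
```

If `can_run` fails for a 32-bit sample, install libc6:i386 as the assignment suggests and re-check; only then move on to strace and lsof, since neither will show anything useful for a process that never started.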
