Hi, I need help with a time sensitive assignment on malware analysis.
Erica runs Palindrome Consulting and good news, you work there. A law enforcement agency has asked Palindrome to analyze two files of questionable virtue and you’re just the person for the job! Perform a dynamic and static analysis of these files which will prove or disprove their status as malware.
For this assignment, you’ll want either a 32-bit version of Linux or some 32-bit libraries installed; otherwise, running a 64-bit version of Linux when trying to perform their dynamic analysis will result in an error message such as “unable to execute ./foo: No such file or directory” even when foo is in their path. You can either use a 32-bit Linux or install some 32-bit shared libraries which have worked in the past:
sudo aptitude install libc6:i386
Background:
You’re a contractor working at the prestigious firm of
Palindrome Consulting, Inc
575 Tattarrattat Drive
Oktahatko, FL 32423
Your boss, Erica Wilde, has assigned to you a case to analyze two files of a questionable nature. Law enforcement recovered the files from a workstation at Reynholm Industries after their IT department noticed curious traffic across their network originating from the workstation. The lead investigator indicated that his team believes the software was the origin of this traffic after a cursory look, but has contacted Palindrome to identify specifically what the software is and how it works.
Your task:
Conduct both a static and dynamic analysis of the two files. Report the procedures you used, the results, and, if it is in fact malware, the possible legal implications of the files’ use. (That’s in bold for a reason and still some leave this out!)
Conduct your analysis within a virtual machine only.
If, IF, the files are malware, let’s just say they may be gimped, but make sure that the VM you use for the analysis is set to a host-only based network after you download the files to your VM, just in case. As a bonus, that’s good incident response and forensic practice, as you do not know what the software would do once executed.
Deliverable:
Conduct your analysis and provide a written report (.pdf preferred or .doc format).
- Written in non-technical terms which describes the purpose of the software and the legal implications of someone having and using the software. Provide an example or two of incidents where such software has been used. This section should be titled “Analysis Overview.”
- A complete, specific, and detailed explanation of the results of your static and dynamic analysis.
- Do not include all of the results for the longer, more detailed results such as lsof and strace, but a few screenshots that point out the ‘interesting’ parts of the results that assisted you in identifying what the software does (open ports? open files? etc.). This section should be titled “Technical Section.”
If you just provide a screenshot of your commands and results with no interpretation, there will be 0 credit given 🙁
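Added example, not part of the assignment handout or the poster’s own work: a small POSIX shell triage helper covering the two things the handout hints at. It reads the ELF identification bytes to tell a 32-bit sample from a 64-bit one and checks whether the matching dynamic loader is installed (a missing /lib/ld-linux.so.2 is exactly what produces the kernel’s “No such file or directory” for a 32-bit binary on a 64-bit host), records hashes and a string count for the report, and wraps strace so only network, file and process syscalls are kept. It assumes Linux coreutils (od, dd, sha256sum), x86 loader paths, and that strace is optional; the sample headers at the bottom are constructed inline, they are not the case files.

```shell
#!/bin/sh
# Assumed environment: Linux with coreutils; strace optional. x86 loader
# paths are an assumption; adjust for other architectures.

# elf_class FILE: print ELF32, ELF64, unknown-class or not-ELF by reading
# the ident bytes (magic 7f 45 4c 46, then e_ident[EI_CLASS] at offset 4).
elf_class() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo "not-ELF"
        return 0
    fi
    class=$(dd if="$1" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    case "$class" in
        1) echo "ELF32" ;;
        2) echo "ELF64" ;;
        *) echo "unknown-class" ;;
    esac
}

# loader_present FILE: succeeds if the dynamic loader this class of binary
# needs exists. On Debian/Ubuntu, libc6:i386 is what installs
# /lib/ld-linux.so.2; without it execve fails with ENOENT even though the
# sample itself is right there.
loader_present() {
    case "$(elf_class "$1")" in
        ELF32) [ -e /lib/ld-linux.so.2 ] ;;
        ELF64) [ -e /lib64/ld-linux-x86-64.so.2 ] ;;
        *) return 1 ;;
    esac
}

# static_triage FILE: key=value lines worth pasting into the report.
static_triage() {
    f=$1
    printf 'file=%s\n' "$f"
    printf 'sha256=%s\n' "$(sha256sum "$f" | cut -d' ' -f1)"
    printf 'class=%s\n' "$(elf_class "$f")"
    if loader_present "$f"; then
        printf 'loader=present\n'
    else
        printf 'loader=missing\n'
    fi
    # strings(1) may be absent on a minimal VM; grep -a for runs of 6+
    # printable characters gives the same count.
    printf 'strings=%s\n' "$(grep -ao '[[:print:]]\{6,\}' "$f" | wc -l | tr -d ' ')"
}

# dyn_trace FILE [OUT]: run the sample under strace in the host-only VM,
# follow children, keep only the syscall families that answer "open ports?
# open files?", then print the lines that matter for the write-up.
dyn_trace() {
    f=$1
    out=${2:-trace.txt}
    if ! command -v strace >/dev/null 2>&1; then
        echo "strace not installed" >&2
        return 1
    fi
    strace -f -tt -e trace=network,file,process -o "$out" "$f"
    grep -E 'execve\(|connect\(|bind\(|listen\(|open(at)?\(' "$out" || true
}

# Demo: real use is `sh triage.sh file1 file2`; with no arguments it runs
# on two constructed ELF ident headers (not real binaries).
if [ "$#" -gt 0 ]; then
    for f in "$@"; do static_triage "$f"; echo; done
else
    tmp=$(mktemp -d)
    printf '\177ELF\001\001\001\000' > "$tmp/sample32"   # constructed ELF32 ident
    printf '\177ELF\002\001\001\000' > "$tmp/sample64"   # constructed ELF64 ident
    for f in "$tmp/sample32" "$tmp/sample64"; do static_triage "$f"; echo; done
    rm -rf "$tmp"
fi
```

While dyn_trace is running a real sample, `lsof -p <pid>` and `ss -tunap` in a second terminal show the open files and sockets the handout asks about; the strace log keeps the timeline so the two can be matched up in the Technical Section.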