- Feb 13, 2017
Hello
I'm considering implementing a VM for malware testing and I was thinking of a roadmap for facing a serious study.
Indeed, once you have finished the analysis of a sample, you have an amount of information that needs a well-structured order.
The technical analysis of the code is important, but structuring the obtained information is a great goal.
So let's consider what the most important questions to be answered are.
- How many variants of the same malcode are there?
- What is the algorithm used to pack the core, if it is packed?
- Could this tell us anything about how skilled the malcoder behind it is?
- Where does this connect out to?
- How sophisticated is this malware?
Answering these questions will tell us what the involved servers and people are, and what kind of criminal activity it is.
Difficult challenge? Maybe.