First Time Looking At Malware
<blockquote data-quote="struppigel" data-source="post: 937137" data-attributes="member: 86910">
<p>Hello kappo,</p>
<p>Cryptolocker has been dead for at least 5 years. I recommend that you look at something more recent.</p>
<p>Generally, for a beginner you might want to get samples that are:</p>
<ul>
<li>well known and documented, so you can check if your analysis is correct</li>
<li>not packed, because unpacking can be a difficult challenge at the start</li>
<li>no viruses, no worms and no file-encrypting ransomware; reason: if you leave anything in your lab setup accessible or vulnerable, these will spread to other systems or encrypt files. E.g., a common mistake is to leave an accessible drive attached, or to use a writeable shared folder, or to get accessible network devices infected via a worm. So these malware types are not beginner-friendly.</li>
</ul>
<p>Some books and labs provide safe samples for your first analysis. E.g., you can download the samples for the book Practical Malware Analysis by Honig and Sikorski (google for them).</p>
<p>I also recommend MalwareBazaar: <a href="https://bazaar.abuse.ch/browse.php" target="_blank">MalwareBazaar | Browse malware samples</a></p>
<p>You can register there for free and search, e.g., for <strong>tag:unpacked</strong> to get some non-packed samples.</p>
<p>If you want ransomware, prefer screenlockers for your first try. They give you something to look at ;). After that, check out <strong>tag:HiddenTear</strong> samples. These encrypt files, but most HiddenTear samples have reversible encryption (just in case something goes wrong).</p>
<p>I also recommend trying to find analysis reports that provide malware hashes and working alongside those reports while analysing the same sample. That way you will know if your analysis result is correct.</p>
</blockquote>