App Review Malware Analysis - Simple Habits to Stop Going Down the Rabbit Hole

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
struppigel
struppigel

struppigel

Super Moderator
Thread author
Verified
Staff Member
Well-known
Apr 9, 2020
667
Content source
https://www.youtube.com/watch?v=deG_-5opR30


To summarize:

Don't dive immediately into code, create an overview first.
To do so:
  • always extract strings (IDA strings tab is no replacement)
  • always check file in a hex editor
  • use visualization for large files to find interesting areas
  • use automated analysis reports
  • along the way make notes of interesting structures, strings, characteristics, behaviour
Strings extractors and hex editor cannot be fooled that easily. They work regardless of the file type.

If you go down a rabbit hole:
  • stop, take a step back, take a break
  • talk to colleagues, friends or a rubber duck about it
  • go back to creating an overview again
  • ask for help
 
Last edited:
  • Like
  • +Reputation
  • Applause
Reactions: Behold Eck, SeriousHoax, Protomartyr and 19 others
struppigel

struppigel

Super Moderator
Thread author
Verified
Staff Member
Well-known
Apr 9, 2020
667
Thank you.
Yes, since I am analysing a sample, there is no way to shorten it more. I wish I could talk faster in English, though. I have to think too much.
Regarding the wallpaper: At first I wanted to say that this is just a VM but then I realized I have my wallpaper on my actual laptop for at least 7 years now. So I guess that's just me. :giggle:
 
  • Like
  • HaHa
Reactions: ForgottenSeer 89360, SeriousHoax, Protomartyr and 7 others
A

avman1995

New Member
Nov 4, 2020
2
Also if you are reversing: its best to use tools like IDA-Scope when you are in doubt of whatever encryption a sample is using to protect its goodies. Another great hint in that regard would be to look for functions that are called plenty of times in IDA (xrefs) chances are that its something important !! Its okay to break your head on things sometimes. I have figures that's how i tend to remember things. If it gets too far ask for help but try it yourself first! Just start slow you can't pick up everything at once. Keep looking for stuff to analyze especially if the family has OSINIT reports on it they will help you enormously in understanding (try to emulate whatever they find and understand the technicalities). You have to keep going at it, only then the sword will get sharp and remain sharp !
 
  • Like
Reactions: Andy Ful, Protomartyr, upnorth and 2 others

Similar threads

upnorth
    • Like
    • +Reputation
    • Wow
Malware Analysis PyPI Malware Creators are starting to Employ Anti-Debug techniques
Replies
0
Views
887
Malware Analysis
upnorth
upnorth
Lymphocyte
    • Like
    • +Reputation
Security News ESET repports that OilRig’s persistent attacks using cloud service-powered downloaders
Replies
0
Views
2,487
Security News
Lymphocyte
Lymphocyte
Bot
    • Like
Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability
Replies
4
Views
1,803
Microsoft Defender
Andrew3000
Andrew3000

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top