Malzilla JavaScript Analysis

JavaScript Malware Analysis Using Malzilla

Malzilla is a GUI-based tool for analyzing malicious JavaScript and web pages. It is built specifically to deobfuscate JavaScript by executing it with the SpiderMonkey JavaScript engine, so the analyst can observe what the obfuscated code decodes to rather than unpacking it by hand.

JavaScript Analysis From Malware Analysis Perspective:

This involves examining the code to uncover potential malicious behavior, understand its functionality, and identify any obfuscation techniques employed. By dissecting the JavaScript, analysts aim to detect payload delivery mechanisms, identify suspicious patterns, and determine the impact it may have on systems and data.

JavaScript analysis plays a crucial role in cybersecurity, enabling researchers to identify and mitigate potential threats. Malicious JavaScript continues to be a favored vector for attacks, ranging from spear-phishing campaigns to drive-by downloads.

The use of tools like Malzilla significantly enhances the analysis process, making it faster and more efficient. By leveraging such tools, security professionals can effectively dissect malicious code and respond swiftly to protect their systems and data.

SSDEEP Fuzzy Hashing

Malware Static Analysis with SSDEEP Fuzzy Hashing Tool

ssdeep is a tool for fuzzy hashing, a type of hashing that employs Context-Triggered Piecewise Hashing (CTPH). Unlike a cryptographic hash, which changes completely when a single byte differs, a fuzzy hash is used to compare files that are similar but not identical.

Using ssdeep, it is possible to classify malware samples: if a sample's fuzzy hash scores as similar to known samples, the tool can indicate the malware family to which the sample belongs.
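To make CTPH concrete, the following is an added illustration written for this page, not ssdeep's own code: it reuses ssdeep's rolling-hash scheme and FNV constants but fixes the block size at 64 and scores similarity with difflib instead of ssdeep's weighted edit distance (both simplifications). The "file" contents are constructed from a seeded LCG so the example runs offline.

```python
import difflib

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7            # rolling-hash window length, as in ssdeep
FNV_INIT = 0x28021967  # piece-hash seed (ssdeep's HASH_INIT)
FNV_PRIME = 0x01000193
MASK32 = 0xFFFFFFFF


class RollingHash:
    """Rolling hash over the last WINDOW bytes (ssdeep's roll_hash scheme).
    Its value depends only on local context, which is what makes the
    piece boundaries survive insertions and deletions elsewhere."""

    def __init__(self):
        self.h1 = self.h2 = self.h3 = 0
        self.win = [0] * WINDOW
        self.n = 0

    def update(self, c: int) -> int:
        self.h2 = (self.h2 - self.h1 + WINDOW * c) & MASK32
        self.h1 = (self.h1 + c - self.win[self.n % WINDOW]) & MASK32
        self.win[self.n % WINDOW] = c
        self.n += 1
        self.h3 = ((self.h3 << 5) ^ c) & MASK32
        return (self.h1 + self.h2 + self.h3) & MASK32


def ctph(data: bytes, block_size: int = 64) -> str:
    """Context-triggered piecewise hash: the rolling hash decides where each
    piece ends (a trigger value), and each piece is summarised by the low
    6 bits of an FNV hash, emitted as one base64 character."""
    roll = RollingHash()
    piece = FNV_INIT
    out = []
    for c in data:
        piece = ((piece * FNV_PRIME) & MASK32) ^ c
        if roll.update(c) % block_size == block_size - 1:
            out.append(B64[piece & 0x3F])
            piece = FNV_INIT
    if piece != FNV_INIT:          # flush the trailing partial piece
        out.append(B64[piece & 0x3F])
    return f"{block_size}:{''.join(out)}"


def compare(sig_a: str, sig_b: str) -> int:
    """0..100 similarity score. Signatures with different block sizes are
    not comparable (simplified: ssdeep also tries the neighbouring size)."""
    bs_a, chunks_a = sig_a.split(":", 1)
    bs_b, chunks_b = sig_b.split(":", 1)
    if bs_a != bs_b:
        return 0
    ratio = difflib.SequenceMatcher(None, chunks_a, chunks_b).ratio()
    return int(round(ratio * 100))


def sample_bytes(seed: int, length: int = 4096) -> bytes:
    """Deterministic pseudo-random 'file' content (constructed test input)."""
    x = seed
    out = bytearray()
    for _ in range(length):
        x = (x * 1103515245 + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


def demo() -> dict:
    """Score an original against a copy with 10 bytes patched in the middle
    (think: a re-packed variant) and against an unrelated file."""
    original = sample_bytes(1)
    patched = bytearray(original)
    for i in range(2000, 2010):
        patched[i] ^= 0xFF
    unrelated = sample_bytes(2)
    sig_o, sig_p, sig_u = ctph(original), ctph(bytes(patched)), ctph(unrelated)
    return {
        "same": compare(sig_o, sig_o),
        "patched": compare(sig_o, sig_p),
        "unrelated": compare(sig_o, sig_u),
    }


if __name__ == "__main__":
    print(demo())
```

The patched copy still scores high because only the pieces that contain the changed bytes produce different characters; every other piece boundary is chosen by the same local context and therefore lines up. That locality is the whole reason CTPH can group samples of one family while MD5 or SHA1 cannot.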

MiTec Registry Recovery

Malware Dynamic Analysis with MiTec Windows Registry Recovery

MiTec Windows Registry Recovery is an application that reads registry hive files from Windows 9x, NT, 2K, XP, 2K3, 7, 8 and 10. It extracts much useful information about the configuration and Windows installation settings of the host machine.

HashMyFiles

Malware Static Analysis with HashMyFiles

HashMyFiles by NirSoft is a small utility that calculates the MD5 and SHA1 hashes of one or more files on your system. You can easily copy the MD5/SHA1 hash list to the clipboard, or save it to a text/HTML/XML file.

HashMyFiles can also be launched from the Windows Explorer context menu to display the MD5/SHA1 hashes of the selected file or folder.

ApateDNS

Malware Dynamic Analysis with ApateDNS

ApateDNS is a tool for controlling DNS responses through an easy-to-use GUI. It listens on UDP port 53 on the local machine and answers every query with a user-specified IP address, so a sample's callback domains resolve to a host the analyst controls instead of the real infrastructure.
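What ApateDNS does on the wire can be shown with a few dozen lines. The block below is an added example written for this page, not ApateDNS code: `spoof_response` takes a raw DNS query datagram and returns a reply whose A record points at the analyst's chosen address (a TEST-NET address here), and `build_query`/`answer_ips` construct a query and decode the reply so the whole exchange runs offline. The `serve` loop is the only part that touches a socket and is never run at import time.

```python
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Construct a standard recursive A query for qname (constructed input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def parse_name(pkt: bytes, off: int):
    """Read an uncompressed domain name at off; return (name, next_offset)."""
    labels = []
    while True:
        ln = pkt[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compressed names are not expected in a question")
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), off


def spoof_response(query: bytes, answer_ip: str, ttl: int = 60):
    """Answer any IN/A query with answer_ip; other types get an empty NOERROR
    reply. Returns (response_bytes, queried_name) so the name can be logged."""
    txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", query[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = parse_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]          # echoed back verbatim
    answers = b""
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        rdata = bytes(int(octet) for octet in answer_ip.split("."))
        # 0xC00C is a compression pointer to offset 12, i.e. the question name
        answers = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + rdata
    # flags 0x8180: QR=1 (response), RD=1, RA=1, RCODE=0 (NOERROR)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1 if answers else 0, 0, 0)
    return header + question + answers, qname


def answer_ips(response: bytes):
    """Decode the A records in a reply produced by spoof_response (for checks)."""
    _txid, _flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    _name, off = parse_name(response, 12)
    off += 4                                   # skip QTYPE/QCLASS
    ips = []
    for _ in range(ancount):
        if response[off] & 0xC0 == 0xC0:       # compression pointer
            off += 2
        else:
            _n, off = parse_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        rdata = response[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A:
            ips.append(".".join(str(b) for b in rdata))
    return ips


def serve(bind_ip: str, answer_ip: str) -> None:
    """Lab-only UDP/53 loop: log each queried name, reply with answer_ip."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_ip, 53))
        while True:
            data, peer = s.recvfrom(512)
            try:
                reply, name = spoof_response(data, answer_ip)
            except (ValueError, IndexError, struct.error):
                continue                       # malformed datagram, ignore
            print(f"{peer[0]} asked for {name} -> {answer_ip}")
            s.sendto(reply, peer)


if __name__ == "__main__":
    q = build_query("callback.example.test", 0xBEEF)
    reply, name = spoof_response(q, "192.0.2.10")
    print(name, answer_ips(reply))
```

The queried names printed by `serve` are the same artifact ApateDNS shows in its GUI: the domains a sample tries to resolve are host-independent indicators, and pointing them at the FakeNet host (next section) is what lets the HTTP side of the callback be captured as well.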

FakeNet

Malware Dynamic Analysis with FakeNet-NG

FakeNet-NG is a tool that acts as a network simulator. It lets you observe the network activity of the sample you are analyzing as it tries to connect outside your isolated environment, answering those connections itself so the sample keeps running without reaching real infrastructure.

Using FakeNet as a network simulator can give us rich information. It also generates a pcap file inside the FakeNet directory when the executable is terminated.

In our sample, FakeNet logs the HTTP communication of the sample as it tries to connect outside the environment, and this artifact can be used as a network-based IOC.

GMER

Malware Dynamic Analysis with GMER

GMER is a rootkit detection tool that lets you view the hooking executable and the hooked function inside the system.

GMER can give us details about the name of the executable that performs the hooking and the module it hooks.

In our sample, GMER detects Win32.AgentTesla.exe [2820] hooking the GetKeyboardState API of user32.dll, the kind of hook a keylogger installs to read keystrokes.

Agent Tesla is a known variant of information-stealing malware.