Posts

Email Header Analysis

Image
If we go to the Spam mails, we will find an email for instance the email that sent by banks. Then it required us to update user credentials such as username and password. That email usually was contained a link so that once the user clicked, it directed to the update page. It was a phishing or fraudulent email that sent by attacker to steal the credentials.  There are several types of phishing attacks but for this entry, I would like to talk about how to analyze the email header. If you are using Gmail, we can get the email header by click Show Original . An email consists of 3 elements:  the envelope, the header(s), and the body of the message.  Sample fraud email: Email Header --------------- The header contains the "name" and "address" of the sender, recipient and anyone who is being copied, the "date" and "time" the mail is sent and the "subject" of the mail. The header exists mainly for the computer to route mail to you. ...
Post a Comment
Read more

Malware Analysis: Dynamic Analysis

Image
Dynamic analysis is any examination performed after executing malware. This technique require analyst to execute malicious code in a virtual machine in order to observe what changes it will make to the operating system. Based on the observed changes, we will try to figure out how the malware works and what the indicators of the system infection are. Behavioral analysis will cover following topics: ·          Detecting new process creation ·          Detecting file system and registry changes ·          Detecting rootkit artifacts using GMER ·          Analyzing in-memory strings ·          Monitoring system events  1.    Preparing the analysis Setup the clean Windows Machine and snapshot as a clean version. Install the tools such as Regshot, Process Ex...
Post a Comment
Read more

Malware Analysis Part 1.1 : Basic Static Analysis

Image
I've decided to improve my previous entry about Malware Analysis 1. I've learnt several tools and techniques that obtained from ENISA training sheets and Sam Class. Thanks ENISA  and SAM for a good stuff! So I just used malicious sample from Practical Malware Analysis Lab for this analysis.  ----------------------------------------------- Detecting and Unpacking Packers ----------------------------------------------- This is a techniques that has been used by malware author to obfuscate or evade from AV detection. First, upload the malware sample into PEid: Indicates that the malware was using UPX packer. Then use ExeInfo PE for further verification.  Confirmed that malware was using UPX and use advance scan by clicking '>' button. Then unpacking the malware using UPX Re-analyzed the sample by using PEiD. Its recognized the sample as Microsoft Visu C++ file. ---------------------------------------...
Post a Comment
Read more