
Scenario: Analyzing Windows Malware. You got a malware sample from the wild. Your task is to discover what the malware does by analyzing it.

INSTRUCTIONS TO CANDIDATES
ANSWER ALL QUESTIONS

Malware Analysis

Agenda
• Part 1: Analyzing Windows Malware
• Part 2: Analyzing Android Malware

Scenario
• Analyzing Windows Malware
  • You got a malware sample from the wild. Your task is to discover what the malware does by analyzing it.
• How do you discover the malware's behaviors?
  • Static Analysis
    • Manual reverse engineering
    • Programmatic binary analysis
  • Dynamic Analysis
    • Network behavioral tracing
    • Run-time system behavioral tracing (File/Process/Thread/Registry)
  • Symbolic Execution
  • Fuzzing
• In our scenario, you are going to analyze the given malware with tools that we provide.
  • These tools help you to analyze the malware with both static and dynamic analysis.
• Objective
  1. Find which server controls the malware (the command and control (C2) server)
  2. Discover how the malware communicates with the C2 server
    • URL and payload
  3. Discover what activities are done by the Linux malware
    • Attack activities

• Requirement
  • Make sure that no malware traffic goes out from the virtual machine.
    • However, updating the malware (stage 2) and downloading the Linux malware (stage 3) must be allowed, so that we can understand the malware's behavior.
  • The command and control server is dead. You need to reconstruct it.
    • Use the provided tools to reconstruct the server, then reveal the hidden behaviors of the malware.
  • Analyze the network traffic on the host, and figure out the list of commands available to the malware.
  • Analyze the network traffic trace of the host, and figure out what the malware does.
  • Write down your answers in assignment-questionnaire.txt
Project Structure
• A virtual machine for malware analysis
  • Please install/update to the latest version of VirtualBox.
    • https://www.virtualbox.org/wiki/Downloads
• Download the VM
  • Download the project VM from one of the following links:
    • https://b.gatech.edu/37gIH4o
  • Unarchive the file with 7zip; the password is cs6262
  • MD5 Hash: 07f0248a5e78e8cfdd29176bb8b12b
• Network Configurations
  • tap0
    • Virtual network interface for Windows XP
    • IP Address: 192.168.133.101
  • br0
    • A network bridge between Windows XP and Ubuntu
    • IP Address: 192.168.133.1
  • enp0s3
    • The network interface that faces the Internet
    • IP Address: 10.0.2.15 (it varies with your VirtualBox settings)
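The requirement above (no malware traffic leaves the VM, except the stage-2 update and stage-3 Linux payload downloads) maps onto the interfaces listed in the network configuration. The script below is an added example, not part of the assignment or its tools: it builds an egress allow-list on the Ubuntu host's FORWARD chain and logs every other outbound attempt, which also gives you a record of the hosts the sample tried to reach. The ALLOWED_HOSTS value is a placeholder you must replace with the servers the assignment permits.

```shell
#!/usr/bin/env bash
# Egress control for the analysis VM (added example, not part of the assignment).
# Assumed topology, taken from the assignment's network configuration: Windows XP
# on tap0 (192.168.133.101) reaches the Ubuntu host through br0 (192.168.133.1);
# enp0s3 faces the Internet. Traffic from the XP guest therefore enters the
# host's forwarding path on br0, so the FORWARD chain is where it is policed.
set -eu

LAN_IF="br0"
WAN_IF="enp0s3"
SANDBOX_NET="192.168.133.0/24"
# Placeholder (TEST-NET-3 address): replace with the stage-2/stage-3 download
# servers the assignment permits; these are the only destinations allowed out.
ALLOWED_HOSTS="${ALLOWED_HOSTS:-203.0.113.10}"

# Emit the iptables commands implementing the policy, one per line.
build_rules() {
    local host
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -t nat -F POSTROUTING"
    # Return traffic for flows the sandbox was allowed to open
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Allow-listed servers only (the malware update and Linux payload downloads)
    for host in $ALLOWED_HOSTS; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $SANDBOX_NET -d $host -j ACCEPT"
    done
    # Every other outbound attempt by the sample is logged (rate-limited) and dropped,
    # so the kernel log doubles as a record of the C2 hosts the sample tried to reach
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $SANDBOX_NET -m limit --limit 10/min -j LOG --log-prefix \"SANDBOX-EGRESS-DROP: \""
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j DROP"
    # NAT the permitted flows out of the Internet-facing interface
    echo "iptables -t nat -A POSTROUTING -s $SANDBOX_NET -o $WAN_IF -j MASQUERADE"
}

# Number of destinations the sandbox may reach; sanity check before applying.
count_accept_rules() {
    build_rules | grep -c -- "-s $SANDBOX_NET -d [^ ]* -j ACCEPT"
}

if [ "${APPLY:-0}" = "1" ]; then
    # Apply for real (requires root); otherwise just print the rules for review.
    build_rules | while IFS= read -r cmd; do eval "$cmd"; done
else
    build_rules
fi
```

Run it without arguments to review the generated rules; run it as root with APPLY=1 to install them, and watch the kernel log for the SANDBOX-EGRESS-DROP prefix while the sample executes.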
