Malware Analysis - I need some malware

I work in digital forensics and also do some incident response. I'm looking to get more into a dedicated IR role and many jobs ask for some malware knowledge. I have some initial triaging and basics stuff, but would like to learn a bit more.

I'd like to ideally download some malware to my VM to start looking at and analysing, to use as a test study.

Is there any Malware Analysts out there that can advise on a good starting point?

I know basic things like looking at :

Hash value of the malware
Running through strings
identifying packer with PeID
Static vs Dynamic analysis
Running it and looking at:
- Ports
- Processes
- Autoruns
- Scheduled tasks
- Registry changes
- New Users

But as stated, I need to just tidy my knowledge up and learn a bit more about the actual hands on stuff.

Find more posts tagged with

Comments

SteveLavoie

I have done a few CBT on Malware analysis and I am at the same point as you. What I am doing is that I redirect all catched malicious email from my company antispam to a special mailbox. It give me a lot of actual hands on stuff.

N7Valiant

Just search through "adult movie" sites.

Not joking, seems like every serious malware problem I encounter can be traced back to them.

NotHackingYou

Get an account on hybrid analysis and you can download samples

meni0n

Search for theZoo on github. Make sure to grab some **** sheets from Lenny Zeltser's site as well.

Mike7

From the primary author of SANS FOR610 Malware Reverse Engineering course

https://zeltser.com/malware-sample-sources/

636-555-3226

testmyav.com has a daily bunch. need to link it with your linkedin account. mine's been linked for awhile with no obvious spam or junk mail changes.

https://twitter.com/malware_traffic has regular postings with files, including the malware.

SteveLavoie

Thank you for all link

tedjames

N7Valiant wrote: »

Just search through "adult movie" sites.

Not joking, seems like every serious malware problem I encounter can be traced back to them.

You should stay away from those sites, then...

Seriously, it's true.

N7Valiant

tedjames wrote: »

You should stay away from those sites, then...

Seriously, it's true.

Never said I was the one who had the malware.

It's usually a client who, for some reason, lets employees browse those sites on company computers.

tedjames

I know. I was joking. They should be blocking these sites. Of course, new malicious sites pop up every day.

I seem to remember a Carnegie Mellon site that posts actual phishing emails. The site included a warning, stating that these emails are not safe and that the links are malicious.

Moldygr33nb3an

Download Windows XP on a VM.

Put it on the internet

Done