Malware Analysis - I need some malware

CyberCop123 Member Posts: 338 ■■■■□□□□□□
I work in digital forensics and also do some incident response. I'm looking to get more into a dedicated IR role, and many jobs ask for some malware knowledge. I know some initial triaging and basic stuff, but would like to learn a bit more.

I'd like to ideally download some malware to my VM to start looking at and analysing, to use as a test study.

Are there any malware analysts out there who can advise on a good starting point?

I know basic things like looking at:
  • Hash value of the malware
  • Running through strings
  • Identifying the packer with PEiD
  • Static vs dynamic analysis
  • Running it and looking at:
    • Ports
    • Processes
    • Autoruns
    • Scheduled tasks
    • Registry changes
    • New users
But as stated, I need to just tidy my knowledge up and learn a bit more about the actual hands on stuff.
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
      GIAC GREM - Reverse Engineering of Malware - COMPLETED

2021: CCSP
2022: OSWE (hopefully)
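A worked starting point for the static half of the list above (hash value, strings, packer identification), as an added example that is not part of the original thread or any poster's code: a small Python triage script that hashes a file, pulls printable strings like the `strings` tool, walks the PE section table by hand and flags sections with packer-style names or high byte entropy, which is the core of what PEiD-style packer identification relies on. It runs over a constructed PE-shaped byte blob built inline (not a real executable, and not executable at all), and the packer section-name set is a short illustrative list of my own, not an exhaustive signature database.

```python
import hashlib
import math
import re
import struct
from typing import Dict, List

# Short illustrative set of section names left behind by common packers (assumption:
# a starter list for the heuristic, not an exhaustive signature database like PEiD's).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", "MPRESS1", "MPRESS2"}


def file_hashes(buf: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of the whole file: the first thing to record and look up."""
    return {alg: hashlib.new(alg, buf).hexdigest() for alg in ("md5", "sha1", "sha256")}


def extract_strings(buf: bytes, min_len: int = 4) -> List[str]:
    """Runs of printable ASCII of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, buf)]


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: 0.0 (all one value) up to 8.0 (uniformly random)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(buf: bytes) -> List[Dict]:
    """Walk the PE section table by hand (no pefile dependency) and score each section."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a PE file")
    pe = struct.unpack_from("<I", buf, 60)[0]             # e_lfanew
    if buf[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature: not a PE file")
    num_sections = struct.unpack_from("<H", buf, pe + 6)[0]
    opt_header_size = struct.unpack_from("<H", buf, pe + 20)[0]
    table = pe + 24 + opt_header_size                      # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", buf, table + 40 * i)
        raw = buf[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
        })
    return sections


def triage(buf: bytes) -> Dict:
    """Static first pass: hashes, strings, and packer indicators per section."""
    sections = parse_sections(buf)
    flags = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            flags.append(f"{s['name']}: known packer section name")
        if s["entropy"] > 7.0:
            flags.append(f"{s['name']}: entropy {s['entropy']:.2f} > 7.0, likely packed or encrypted")
    return {"hashes": file_hashes(buf), "sections": sections,
            "strings": extract_strings(buf), "packer_flags": flags}


def build_constructed_sample() -> bytes:
    """Constructed PE-shaped blob for offline testing: NOT a real or malicious binary.
    The optional header is empty and nothing in it is executable; section 2 only
    imitates what a UPX-packed section looks like to a triager (packer-style name,
    near-maximal entropy)."""
    text = (b"This is a constructed sample.\x00LoadLibraryA\x00"
            b"GetProcAddress\x00http://sample.invalid/\x00").ljust(256, b"\x00")
    packed = bytes(range(256)) * 4         # every byte value equally often -> entropy exactly 8.0
    sections = [(b".text", text), (b"UPX1", packed)]

    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)    # e_lfanew: PE header immediately after the DOS header
    # COFF header: Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    offset = 64 + 4 + len(coff) + 40 * len(sections)      # raw data starts right after the section table
    table, body = b"", b""
    for name, data in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs, linenums, counts, Characteristics
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0, len(data), offset, 0, 0, 0, 0, 0)
        body += data
        offset += len(data)
    return bytes(dos) + b"PE\x00\x00" + coff + table + body


if __name__ == "__main__":
    report = triage(build_constructed_sample())
    print("sha256:", report["hashes"]["sha256"])
    for s in report["sections"]:
        print(f"{s['name']:<8} raw_size={s['raw_size']:<5} entropy={s['entropy']:.2f}")
    for f in report["packer_flags"]:
        print("FLAG:", f)
    print(len(report["strings"]), "printable strings, e.g.", report["strings"][:3])
```

Inside the analysis VM, feed `triage()` the bytes of a real sample (`open(path, "rb").read()`); the hashes go straight into a lookup on a sandbox or sample-sharing service, and a section with entropy above roughly 7.0 or a UPX-style name is the cue to unpack before spending time on strings and imports, because the packed section's "strings" are junk (the constructed sample shows this: its UPX1 section yields long runs of meaningless printable bytes) and the interesting ones only appear after unpacking.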

Comments

  • SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    I have done a few CBTs on malware analysis and I am at the same point as you. What I am doing is redirecting all caught malicious emails from my company anti-spam to a special mailbox. It gives me a lot of actual hands-on stuff.
  • N7Valiant Member Posts: 363 ■■■■□□□□□□
    Just search through "adult movie" sites.

    Not joking, seems like every serious malware problem I encounter can be traced back to them.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • NotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    Get an account on Hybrid Analysis and you can download samples.
    When you go the extra mile, there's no traffic.
  • meni0n Member Posts: 68 ■■■□□□□□□□
    Search for theZoo on GitHub. Make sure to grab some cheat sheets from Lenny Zeltser's site as well.
  • Mike7 Member Posts: 1,107 ■■■■□□□□□□
    From the primary author of the SANS FOR610 Malware Reverse Engineering course:

    https://zeltser.com/malware-sample-sources/
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    testmyav.com has a daily bunch. You need to link it with your LinkedIn account. Mine's been linked for a while with no obvious spam or junk mail changes.

    https://twitter.com/malware_traffic has regular postings with files, including the malware.
  • SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    Thank you for all the links :)
  • tedjames Member Posts: 1,179 ■■■■■■■■□□
    N7Valiant wrote: »
    Just search through "adult movie" sites.

    Not joking, seems like every serious malware problem I encounter can be traced back to them.

    You should stay away from those sites, then...

    Seriously, it's true.
  • N7Valiant Member Posts: 363 ■■■■□□□□□□
    tedjames wrote: »
    You should stay away from those sites, then...

    Seriously, it's true.
    Never said I was the one who had the malware.

    It's usually a client who, for some reason, lets employees browse those sites on company computers.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • tedjames Member Posts: 1,179 ■■■■■■■■□□
    I know. I was joking. They should be blocking these sites. Of course, new malicious sites pop up every day.

    I seem to remember a Carnegie Mellon site that posts actual phishing emails. The site included a warning, stating that these emails are not safe and that the links are malicious.
  • Moldygr33nb3an Member Posts: 241
    Download Windows XP on a VM.

    Put it on the internet

    Done
    Current: OSCP

    Next: CCNP (R&S and Sec)

    Follow my OSCP Thread!