Malware Analysis

During the process of security incident analysis, it is crucially important to understand:

• Whether the attack was deliberately aimed at your company.
• What tools and vulnerabilities were used in the attack.
• Behaviour analysis of the malware used by the malicious parties involved.
• Assessing the possibility of restoring data in case of encryption and (e.g. ransomware attack).

Utilizing both dynamic and static analysis of the malware, we will attempt to answer the following questions:

• What is the main purpose of the malware?
• Does the malware have any capabilities of infecting other systems?
• What information do the malware store and sends to the malicious actor?
•  Is there additional, latent risk to the infrastructure and can it be avoided?

Malware analysis is often done following an attack in order to obtain detailed information regarding the attack, its origins and its purpose. Given the scenario of a particular attack, by carefully investigating the malware in a detailed manner, it may even be possible to identify the attacker. Malware analysis seeks to find answers to the following:

• The main purpose of the malware.
• Any extraneous, hidden or latent functionality.
• Whether the malware used was specifically created (targeted attack).
• Origin of the malware.
• What data is sent to the attacker?
• Data recovery options (in case of data encryption).
• Assessment of additional risk to infrastructure.