Malware Analysis

Understanding the behaviour, propagation and control of malwares

Current Challanges

  • Increasing cyber-attacks and data breaches
  • Advancement in propagation techniques & attack vectors which could easily evade anti-virus detection
  • Leading to spying, information stealing, encryption of data, etc.
  • Ignorance and lack of awareness while visiting suspicious links, pop-ups, clicking on spam attachments, installing unknown browser plug-ins, etc.

Why we need it?

Root cause analysis needs to be done to understand the

  • Latest malware trends
  • Vulnerabilities exploited
  • Propagation and attack techniques
  • Enhance user awareness

So that best defenses be implemented

Solutions

Forensics of the malware infected system:

  • Extracting information from RAM image: process list, suspicious/hidden processes, embedded malware, active network connections, etc.
  • Restore Point Forensics: corresponding to the time stamp of infection
  • Data Recovery: Recovering corrupt data
  • Windows Activity Timeline analysis
  • Indicators of Compromise (IOC’s)
  • Network Forensics

Sandbox SMA Lab:

  • Behavioral malware analysis i.e. files system changes, registry changes, suspicious network communications, etc.
  • Suspicious background activities
  • Identification of 0-day exploits
  • Identification of suspicious/malicious website
  • Application whitelisting and blacklisting
  • Network scanning (blacklisted IP/Ports)
  • Yara rule implementation