Malware Analysis Tools YOU COULD USE

Captions
Now we all know about VirusTotal, but in this video I want to talk about some of the more advanced tools that can give you an expert view of malware. Video sponsor: NordVPN.

The first one we're going to look at is LastActivityView, which is actually a forensic tool, but if you open it, as you can see, this is by NirSoft, and it's going to tell us exactly what is happening in our system and all of our past activities. It shows the exact action that was taken, at what time, and by which application, so this is kind of like a log book of everything that is happening on your system. And as you've noticed, it is not just the things that you do, it is also everything that's happening in the background, so we have a lot of Windows processes here, so Microsoft Edge executing svchost, but you can also see where I opened this particular folder just before the video, and it says "view folder in Explorer", which is exactly what I did. So even if you're not an advanced user, you can do a lot of forensics by opening this up, and you can see if malware is doing any kind of malicious activity in the background or if malware is executing. So this is a great addition to the tools that you already have with Sysinternals, and the best part is the language is so simple anybody could use it.

The next tool we're going to look at is a little bit more advanced. It's called capa. This is part of an open-source project by Mandiant, which is a very respected cyber security company, and this tool specifically allows you to analyze any kind of malware executable, be it for Windows, Mac or Linux. It is a command line tool, so we're going to have to run it inside of a terminal, but don't be intimidated, because it's actually ridiculously easy to use. So all you have to do is capa.exe and then you just need to type in the directory of whatever sample you want to analyze. So we're going to pick a ransomware sample here from a ransomware folder, so I'll just paste in the directory and then we're going to select Conti, which is a well-known ransomware. When we hit enter, it's going to analyze the program, it's going to load all of the functions and libraries that the program has, and it's going to give us an in-depth view of what's actually inside the program and the type of capabilities it has. And as you can see, right away we've got some critical hits, so it tells us that this program has cryptographic components and it has an encryption key, which is a dead giveaway that it could be ransomware. In the same line we've got data manipulation, and it has the capability to encode data in XOR, which again is closely associated with ransomware behavior; that's partly what they do, they do different XOR operations. You've also got things like defense evasion, obfuscation of files and information using the encoding standard algorithm, you've also got anti-behavioral analysis components, execution via shared modules, and these are different MITRE ATT&CK categories, but again you've got a detailed analysis of the different capabilities it has. We even know the exact methods it's using to encrypt the data, the hashing techniques and the PDB path. We've also obviously got the different hashes if you want to just copy that, the architecture and the file format and the operating system it's for. Pretty neat, huh?

Now all of this is coming from static analysis, but if you want to take it one step further, that's our next tool: Triage, Recorded Future's sandbox. As you can tell, you can drag and drop a file here for them to analyze, and once the analysis is complete you're going to get a pretty comprehensive report of what the file did in an online sandbox. Now the sandbox environments are configurable, so it can be Windows 10 or 11, and the interesting thing about using this tool is it's going to give you different tags based on what it thinks the malware might be. So for example these have got persistence capabilities and they're likely to be ransomware; we've also got an XMRig miner over here. We've also got a scoring system that gives us the likelihood of something being malicious, so these are all a solid 10; above five is when it thinks something is suspicious. But if we open one of these reports, as you can see, we've got the general data here, but if we scroll down we can see a lot more. So if we look at the behavioral analysis specifically, we can see all of the processes involved, we can see all these processes in System32, and damn, this is a long list, but if we get to the bottom of it we can also see the network activity, any connections that it made, so this one made some TCP connections to Germany. And if we scroll down we can also see a replay of the file, so this is just like running it in a VM and watching the video, so you don't have to necessarily set up a VM yourself and run the sample inside it; it's doing all of that for you. And you can configure it to run for 10 seconds, 20 seconds, however long you want, and then it's just going to record the video and you can watch it post analysis and see exactly what's happening. So of course this is a miner, so we just have a command prompt window, but if it was ransomware you could see the ransom note pop up over here. So it's a great way to automate some of the malware analysis that you're doing. One of the reasons I've been using Triage a lot in the past months is mostly the API and the ease of uploading a vast amount of samples and generating the reports, because you can access these specific data fields and the specific tags via a Python script. So you don't necessarily have to get an entire report, but you can just capture those variables and then use it for your own kind of analysis system. So if you're looking to go beyond just using their tool and extend it for your own use case, I have found this to be quite useful.

Now of course you've also got the classics like Hybrid Analysis, which have a similar sandbox execution capability; I just like the simplicity of Triage, which is why I've been using it lately. So hopefully you're going to find at least one of these tools useful for your own needs. Please like and share it if that's the case, and let me know in the comments down below if you've heard of these tools, which one you find helpful, and if you've never heard of them but you're kind of interested in the kind of tools I use, well, there you go, that's going to get you started for the year. Good hunting.

A VPN is an essential tool if you're trying to do security research, because you don't want hackers to be able to track you. NordVPN allows me to pick any location in the world, so if I wanted to visit Switzerland, because it's a wonderful place, I can just click a button and now I will be connected to Switzerland, which means if a hacker is trying to track me they're going to think I'm in Switzerland when I'm in the UK. It also has things like threat protection; they have their own cloud scanner that's going to scan your downloads. They also have a great feature called Meshnet, so if you're looking to set up a VPN to play games, or so your devices can talk to each other, or stream things from one device to another, you can use that. You've also got a dark web monitor, so you can check if your email has been leaked or any personal details have been disclosed in a data breach. If you'd like to check them out, go to nordvpn.com/tpsc and you can get a great deal with 4 months for free. Thank you all so much for watching, and as always, stay informed, stay secure.
Info
Channel: The PC Security Channel
Views: 56,910
Keywords: The PC Security Channel, TPSC, cybersecurity, cyber security, computer security, internet security, antivirus, anti malware, ransomware, trojan, virus, PUP, best antivirus, best internet security, learn cybersecurity, hacking, hack, security, technology, cyber insurance, cybersecurity degree, best EDR, EDR, malware analysis tools, capa, triage, malware analysis, best malware analysis tools
Id: vdZs-geDrM4
Length: 7min 19sec (439 seconds)
Published: Wed Jan 10 2024