dynamic analysis

All posts tagged dynamic analysis

Analysing CryptoLocker with unpack.py: Network Communications (part 3)

Posted by karl on 2016-05-13
Posted in: Malware Analysis. Tagged: , , . 1 comment

Previous posts in this series have demonstrated how unpack.py, when used on a CryptoLocker variant, extracts the malicious PE file injected in to explorer.exe, and how it can also be used to analyse the injected PE file. This post demonstrates how unpack.py can now be used to analyse our CryptoLocker variant’s network communications by dumping the cleartext traffic sent over its HTTPS connections.

Continue Reading

Increase in MySQL Attacks: Dynamic Analysis — Dropped Files and Cuckoo Problems

Posted by karl on 2013-01-10
Posted in: Malware Analysis. Tagged: , , , . Leave a Comment

Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post follows on from the previous post which discussed how to run a Cuckoo Sandbox analysis of a MySQL attack.

This post starts analysing the results and notices an issue with a particular malware trait and Cuckoo (v0.4.2). Awfully gripping stuff — I was on the edge of my seat, but then that could be because my table was too far away from my chair. Continue Reading

Dynamic Analysis of MySQL Attacks with Cuckoo

Posted by karl on 2012-12-11
Posted in: Malware Analysis, Python. Tagged: , , , . 1 comment

It’s nice to use dynamic analysis to corroborate the findings from static analysis, but what if you face an SQL attack? What if the attack caused the MySQL server to drop an executable file and pass control to it, or if the attack was exploiting a remote code execution vulnerability? I developed a Cuckoo package, misql.py, to allow me to dynamically analyse some of the effects of MySQL attacks. Continue Reading