dynamic analysis

All posts tagged dynamic analysis

Analysing CryptoLocker with unpack.py: Network Communications (part 3)

Posted by Karl on May 13, 2016
Posted in: Malware Analysis. Tagged: , , . 1 Comment

Previous posts in this series have demonstrated how unpack.py, when used on a CryptoLocker variant, extracts the malicious PE file injected in to explorer.exe, and how it can also be used to analyse the injected PE file. This post demonstrates how unpack.py can now be used to analyse our CryptoLocker variant’s network communications by dumping the cleartext traffic sent over its HTTPS connections.

Continue Reading

Analysing CryptoLocker with unpack.py: The unpacked payload (part 2)

Posted by Karl on March 30, 2016
Posted in: Malware Analysis. Tagged: , , . Leave a comment

This is the second part in a series of posts showing how we can use my unpack.py script to find quite a bit of useful information about a CryptoLocker variant. This post will analyse the unpacked payload that we found in part one. Continue Reading

Increase in MySQL Attacks: Dynamic Analysis — Continuing on

Posted by Karl on January 16, 2013
Posted in: Malware Analysis. Tagged: , , , . Leave a comment

Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post finishes the dynamic analysis and, for those who wish I’d hurry up and get to the point, contains the conclusion. This post is long, but a lot of it is log output. Continue Reading

Increase in MySQL Attacks: Dynamic Analysis — Dropped Files and Cuckoo Problems

Posted by Karl on January 10, 2013
Posted in: Malware Analysis. Tagged: , , , . Leave a comment

Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post follows on from the previous post which discussed how to run a Cuckoo Sandbox analysis of a MySQL attack.

This post starts analysing the results and notices an issue with a particular malware trait and Cuckoo (v0.4.2). Awfully gripping stuff — I was on the edge of my seat, but then that could be because my table was too far away from my chair. Continue Reading

Increase in MySQL Attacks: Dynamic Analysis — Running the Attack

Posted by Karl on January 7, 2013
Posted in: Malware Analysis, Vulnerabilities and Exploits. Tagged: , , , . Leave a comment

Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them?  This post discusses how to run the attack within the Cuckoo Sandbox. Subsequent posts will analyse the results.

Continue Reading

Dynamic Analysis of MySQL Attacks with Cuckoo

Posted by Karl on December 11, 2012
Posted in: Malware Analysis, Python. Tagged: , , , . 1 Comment

It’s nice to use dynamic analysis to corroborate the findings from static analysis, but what if you face an SQL attack? What if the attack caused the MySQL server to drop an executable file and pass control to it, or if the attack was exploiting a remote code execution vulnerability? I developed a Cuckoo package, misql.py, to allow me to dynamically analyse some of the effects of MySQL attacks. Continue Reading