实用恶意软件分析

Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki Pub Date : 2023-10-28 DOI:10.21822/2073-6185-2023-50-3-66-71

D. A. Elizarov, A. V. Katkov

{"title":"实用恶意软件分析","authors":"D. A. Elizarov, A. V. Katkov","doi":"10.21822/2073-6185-2023-50-3-66-71","DOIUrl":null,"url":null,"abstract":"Objective . Currently, the main method of attack on organizations is malware. The problem of strengthening protection against this type of attack remains relevant and requires new approaches. The main task is to analyze malware to assess threats and timely detection and take action. Method . For analysis, you should use an isolated environment with a customized environment and software. Result . This paper describes the process of creating an isolated stand for malware analysis and conducted a practical analysis of the malware.bin file taken from the cyberdefenders.org educational resource. Network interfaces are configured to prevent impact to the network that connects the two virtual machines. As a result of the analysis of the techniques and features used in this malware, it was revealed that it belongs to the Dridex family of banking Trojans. To obtain information from this family, you can use the AppGate Lab Dridex Toolkit. Conclusion . Based on the analysis performed using static and dynamic methods, detection rules can be developed for further identification of malware.","PeriodicalId":31714,"journal":{"name":"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki","volume":"286 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Practical Malware Analysis\",\"authors\":\"D. A. Elizarov, A. V. Katkov\",\"doi\":\"10.21822/2073-6185-2023-50-3-66-71\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Objective . Currently, the main method of attack on organizations is malware. The problem of strengthening protection against this type of attack remains relevant and requires new approaches. The main task is to analyze malware to assess threats and timely detection and take action. Method . For analysis, you should use an isolated environment with a customized environment and software. Result . This paper describes the process of creating an isolated stand for malware analysis and conducted a practical analysis of the malware.bin file taken from the cyberdefenders.org educational resource. Network interfaces are configured to prevent impact to the network that connects the two virtual machines. As a result of the analysis of the techniques and features used in this malware, it was revealed that it belongs to the Dridex family of banking Trojans. To obtain information from this family, you can use the AppGate Lab Dridex Toolkit. Conclusion . Based on the analysis performed using static and dynamic methods, detection rules can be developed for further identification of malware.\",\"PeriodicalId\":31714,\"journal\":{\"name\":\"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki\",\"volume\":\"286 4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.21822/2073-6185-2023-50-3-66-71\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21822/2073-6185-2023-50-3-66-71","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

目标。目前，针对企业的主要攻击方式是恶意软件。加强防范这类攻击的问题仍然具有现实意义，需要采取新的办法。主要任务是对恶意软件进行分析，评估威胁，及时发现并采取措施。方法。为了进行分析，您应该使用带有自定义环境和软件的隔离环境。结果。本文描述了创建一个用于恶意软件分析的隔离站的过程，并对取自cyberdefenders.org教育资源的malware.bin文件进行了实际分析。配置网络接口以防止对连接两个虚拟机的网络造成影响。通过对该恶意软件所使用的技术和特征的分析，我们发现它属于Dridex银行木马家族。要获取该家族的信息，您可以使用AppGate Lab Dridex Toolkit。结论。基于静态和动态方法的分析，可以制定检测规则，进一步识别恶意软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Practical Malware Analysis

Objective . Currently, the main method of attack on organizations is malware. The problem of strengthening protection against this type of attack remains relevant and requires new approaches. The main task is to analyze malware to assess threats and timely detection and take action. Method . For analysis, you should use an isolated environment with a customized environment and software. Result . This paper describes the process of creating an isolated stand for malware analysis and conducted a practical analysis of the malware.bin file taken from the cyberdefenders.org educational resource. Network interfaces are configured to prevent impact to the network that connects the two virtual machines. As a result of the analysis of the techniques and features used in this malware, it was revealed that it belongs to the Dridex family of banking Trojans. To obtain information from this family, you can use the AppGate Lab Dridex Toolkit. Conclusion . Based on the analysis performed using static and dynamic methods, detection rules can be developed for further identification of malware.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki

自引率

0.00%

发文量

审稿时长

8 weeks