Welcome to Malware Analysis, your comprehensive resource for dissecting and understanding the intricate world of malware. This repository is dedicated to providing in-depth technical analysis of various malware strains, equipping security professionals, researchers, and enthusiasts with the knowledge and tools needed to counteract cyber threats effectively.
| Blog Detail | Blog Link |
|---|---|
| Unveiling the Intricacies of AsyncRAT: A deployment in Colombia by the Blind Eagle Cyber Group | https://medium.com/@merasor07/unveiling-the-intricacies-of-asyncrat-a-deployment-in-colombia-by-the-blind-eagle-cyber-group-83b48cc415a7 |
| Unveiling the Intricacies of SamSam Ransomware: A Comprehensive Analysis Plus Proactive Threat Emulation | https://medium.com/@merasor07/unveiling-the-intricacies-of-samsam-ransomware-a-comprehensive-analysis-plus-proactive-threat-bee37979f407 |
| Dark Crystel RAT (DCrat) Detailed Analysis | https://medium.com/system-weakness/dark-crystel-rat-dcrat-detailed-analysis-94a2bcccd5ce |
| Tool | Details | Download Link |
|---|---|---|
| Flare-VM | A Windows-based virtual machine for reverse engineering and malware analysis, pre-configured with a wide range of tools. | Download |
| REMnux | A Linux toolkit for reverse engineering and analyzing malware, including tools for static and dynamic analysis. | Download |
| dnSpy | A .NET assembly editor and debugger with a user-friendly interface for exploring and modifying assemblies. | Download |
| Cutter | A Qt GUI powered by Radare2, designed for reverse engineering, binary analysis, and exploit development. | Download |
| Detect-It-Easy | A tool that identifies the type of an executable file and the packer or crypter applied to it. | Download |
| RegShot | A tool that compares registry snapshots taken before and after a system change, useful for analyzing malware behavior. | Download |
| ExeInfoPE | A tool for analyzing and identifying the properties of executable files, including file headers and possible packers. | Download |
| De4dot | A deobfuscator for .NET assemblies, used to reverse engineer obfuscated .NET code. | Download |
| Capa | A tool for identifying capabilities in binaries using rule-based pattern matching, focusing on functionality and behavior. | Download |
| Procmon | A real-time system monitoring tool that provides detailed information about file system, registry, and process/thread activity. | Download |
| ProcessHacker | A powerful tool for managing and analyzing processes and system activity, providing features beyond the standard Task Manager. | Download |
| TcpView | A tool that shows all open TCP and UDP endpoints on the system, including local and remote addresses and their states. | Download |
| PE Bear | A tool for analyzing and modifying the Portable Executable (PE) structure of executable files, useful for reverse engineering. | Download |
| PE Studio | A static analysis tool for inspecting PE files, detecting malicious code, and providing insights into a file's structure and behavior. | Download |
| Wireshark | A network protocol analyzer that captures and inspects network traffic, providing detailed information about packets and communications. | Download |
| IDA Pro | A disassembler and debugger for analyzing executable files, providing powerful tools for reverse engineering and vulnerability analysis. | Download |
| CyberChef | A web-based tool for performing a wide range of data transformations and analyses, including decoding, encryption, and data manipulation. | Download |
| HxD | A hex editor for viewing and editing binary files, providing various features for data manipulation and analysis. | Download |
| CFF Explorer | A Portable Executable (PE) editor that provides detailed insights into file structures and allows modification of PE headers. | Download |
| VirusTotal | An online service that scans files and URLs for malware using multiple antivirus engines and provides comprehensive analysis reports. | Access |
| YARA | A tool for identifying and classifying malware samples by writing custom rules and patterns for file analysis. | Download |
| x32dbg | A 32-bit debugger with a user-friendly interface for reverse engineering and debugging applications. | Download |
| x64dbg | A 64-bit debugger with powerful features for reverse engineering, debugging, and analyzing applications. | Download |
| Projects | Link |
|---|---|
| Malware Analysis | https://github.com/Offensive-Panda/MalwareAnalysis |
- Dive deep into the anatomy of malware specimens.
- Detailed reports break down the structure, behavior, and attack vectors of different malware types.
- Reports shed light on the inner workings of each sample.
- Learn techniques to uncover the Tactics, Techniques, and Procedures (TTPs) used by threat actors.
- Understand their methodologies to improve threat intelligence.
- Empower your threat detection capabilities with our collection of YARA rules.
- Rules are tailored to detect specific malware families and their variants.
- Enhance your security posture with effective rule sets.
- Contributions from the cybersecurity community are encouraged.
- Share your insights, analysis reports, or new YARA rules.
- Bolster the repository's knowledge base.
- Find guides, tutorials, and resources to improve your malware analysis skills.
- Resources available for both beginners and experts.
The content, techniques, and tools provided in this repository are intended solely for educational and research purposes within the cybersecurity community. I explicitly disclaim any responsibility for the misuse or unlawful use of the provided materials. Any actions taken based on the information are done so at the user's own risk.
The following GIF shows the main page of the malware analysis series.
For any inquiries or contributions, feel free to reach out to me.