Malware Traffic Analysis with Wireshark

11/16/2020

Malware Analysis: “The process of dissecting malware to understand its core components and source code, investigating its characteristics, functionality, origin, and impact to mitigate the threat and prevent future occurrences.”

There are 4 types of Malware Analysis typically practiced in todays standards

1. Static malware analysis
   • Evaluate a system to determine enough to confirm an (IOC) indicator of compromise
2. Dynamic malware analysis
   • let the malware play out and observe how it works… usually causes damage beyond repair to a host system
3. Manual malware analysis
   • Attempt to reverse engineer the malware with debugging tools
4. Automated malware analysis
   • Pass the malware through an automated workflow where its behavioral and static properties can be evaluated and only the most important indicators raised to the analyst for resolution.

Each type of malware analysis has its own purpose. It’s advisable to execute all of them in conjunction to create a holistic picture of what the malicious app is capable of and how to prevent its entry into user systems. Particularly, the manual code reversal approach aids in getting to the very root of the problem. The manual process is of course time intensive and expensive but is one of the best ways of understanding why the malware was created in the first place.