CS6038/CS5138 Malware Analysis, UC

Course content for UC Malware Analysis

View on GitHub
8 April 2018

Dynamic Malware Monitoring


HW04: Dynamic Malware Monitoring

This lab has you analyze a custom malware sample that I have configured. The malware is configured to start up, perform some actions, and then subsequently attempt to connect to a remote listener. I have provided a Python program to use as a remote listener here: bdconsole.py.

You will need to use dynamic analysis techniques that were discussed in class to analyze the malware running inside of a virtual machine, and document the actions taken by the malware to install itself on the system and establish communication:

You will need to write a report that, for each step, includes a brief explanation of how you gathered the information from the running system (monitoring/instrumentation tool used, what feature was used), plus screen shots of the information where you identified it.

You will probably want to review some of the dyanmic analysis talks in the Week 8 and Week 9 Lectures. You may use any tools you feel are suitable for learning the information, such as sysmon, procmon, CaptureBAT, etc.

Submit the PDF or MSOffice doc report to blackboard (if not using MS Word, please submit a PDF version so that it displays in the blackboard system). You may also submit some of the outputs from any analysis tools if you feel it helps complete your report. I will be looking for documentation of all of the six items listed above.


tags: malware vm sysmon assignment