Malware Unicorn

twitter: @malwareunicorn
Company: Endgame, Inc.

Section 2.1: Malware Techniques

The malware classes may exhibit one or more of the following techniques. The MITRE ATT&CK framework provides a good reference for many of these techniques.

Techniques Overview


Compression



Obfuscation


Example Malware

Name | SHA-256 hash | Link
EXTRAC32.EXE | f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051 | VirusTotal



Persistence


Example: DLL Search Order Hijacking

Example Malware

Name | SHA-256 hash | Link
Banker Trojan | cb07ec66c37f43512f140cd470912281f12d1bc9297e59c96134063f963d07ff | VirusTotal



Privilege Escalation



Defense Evasion

Example Malware

Name | SHA-256 hash | Link
DarkComet backdoor | 1be0ca062facda59239cc5621d0a3807a84ed7d39377041489b09d3870958fee | VirusTotal



Credential Theft

Example: Mimikatz Credential Theft

Example Malware

Name | SHA-256 hash | Link
mimikatz | b4d7bfcfb8f85c4d2fb8cb33c1d6380e5b7501e492edf3787adee42e29e0bb25 | VirusTotal



Reconnaissance



Lateral Movement

Example Malware

Name | SHA-256 hash | Link
winmail.dat > QGIS-KOMIT .zip > QGIS-KOMIT .exe | c0f38384dd6c1536a0e19100b8d82759e240d58ed6ba50b433e892e02e819ebb | VirusTotal



Execution



Collection

Example Malware

Name | SHA-256 hash | Link
keylogger | 5d5c01d72216410767d089a3aabddf7fdbe3b88aff3b51b6d32280c3439038fa | VirusTotal



Exfiltration



Command and Control

Example Malware

Name | SHA-256 hash | Link
backdoor | 02fc2d262cb0d5e9d3e8202ea69013c5c8cc197685c73c0689cbeb243d508e76 | VirusTotal
