Malware Analysis

Welcome to the Malware Analysis, your comprehensive resource for dissecting and understanding the intricate world of malware. This repository is dedicated to providing in-depth technical analysis of various malware strains, equipping security professionals, researchers, and enthusiasts with the knowledge and tools needed to counteract cyber threats effectively.

Open Source Work

Blog Detail	Blog Link
Unveiling the Intricacies of AsyncRAT: A deployment in Colombia by the Blind Eagle Cyber Group	https://medium.com/@merasor07/unveiling-the-intricacies-of-asyncrat-a-deployment-in-colombia-by-the-blind-eagle-cyber-group-83b48cc415a7
Unveiling the Intricacies of SamSam Ransomware: A Comprehensive Analysis Plus Proactive Threat Emulation	https://medium.com/@merasor07/unveiling-the-intricacies-of-samsam-ransomware-a-comprehensive-analysis-plus-proactive-threat-bee37979f407
Dark Crystel RAT (DCrat) Detailed Analysis	https://medium.com/system-weakness/dark-crystel-rat-dcrat-detailed-analysis-94a2bcccd5ce

Tools and Enviornment

Tool	Details	Download Link
Flare-VM	A Windows-based virtual machine for reverse engineering and malware analysis, pre-configured with a wide range of tools.	Download
REMnux	A Linux toolkit for reverse engineering and analyzing malware, including tools for static and dynamic analysis.	Download
dnSpy	A .NET assembly editor and debugger with a user-friendly interface for exploring and modifying assemblies.	Download
Cutter	A Qt GUI powered by Radare2, designed for reverse engineering, binary analysis, and exploit development.	Download
Detect-It-Easy	A tool to identify and analyze the type of executable files and their packers or crypters.	Download
RegShot	A tool for comparing the registry snapshots before and after a system change, useful for analyzing malware behavior.	Download
ExeInfoPE	A tool for analyzing and identifying the properties of executable files, including file headers and possible packers.	Download
De4dot	A deobfuscator for .NET assemblies, used to reverse engineer obfuscated .NET code.	Download
Capa	A tool for identifying capabilities in binaries using rule-based pattern matching, focusing on functionality and behavior.	Download
Procmon	A real-time system monitoring tool that provides detailed information about file system, registry, and process/thread activity.	Download
ProcessHacker	A powerful tool for managing and analyzing processes and system activity, providing features beyond the standard Task Manager.	Download
TcpView	A tool that shows all open TCP and UDP endpoints on the system, including local and remote addresses, and their states.	Download
PE Bear	A tool for analyzing and modifying the Portable Executable (PE) structure of executable files, useful for reverse engineering.	Download
PE Studio	A static analysis tool for inspecting PE files, detecting malicious code, and providing insights into the file's structure and behavior.	Download
Wireshark	A network protocol analyzer that captures and inspects network traffic, providing detailed information about network packets and communications.	Download
IDA Pro	A disassembler and debugger for analyzing executable files, providing powerful tools for reverse engineering and vulnerability analysis.	Download
CyberChef	A web-based tool for performing a wide range of data transformations and analyses, including decoding, encryption, and data manipulation.	Download
HxD	A hex editor for viewing and editing binary files, providing various features for data manipulation and analysis.	Download
CFF Explorer	A Portable Executable (PE) editor that provides detailed insights into file structures and allows modification of PE headers.	Download
VirusTotal	An online service that scans files and URLs for malware using multiple antivirus engines and provides comprehensive analysis reports.	Access
YARA	A tool for identifying and classifying malware samples by creating custom rules and patterns for file analysis.	Download
x32dbg	A 32-bit debugger with a user-friendly interface for reverse engineering and debugging applications.	Download
x64dbg	A 64-bit debugger with powerful features for reverse engineering, debugging, and analyzing applications.	Download

Github Repo

Projects	Link
Malware Analysis	https://github.com/Offensive-Panda/MalwareAnalysis

核心功能

恶意软件技术分析

• 深入剖析恶意软件样本的内部结构。
• 详细报告拆解了不同类型恶意软件的结构、行为和攻击向量。
• 揭示其内部运作机制。

攻击者 TTP 提取

• 学习发现威胁行为者使用的战术、技术和程序 (TTPs) 的方法。
• 了解其方法论以提升威胁情报能力。

YARA 规则

• 通过我们收集的 YARA 规则增强您的威胁检测能力。
• 规则经过专门定制，可检测特定的恶意软件家族及其变种。
• 通过有效的规则集提升您的安全态势。

教育资源

• 提供指南、教程和资源以提升您的恶意软件分析技能。
• 资源适用于初学者和专家。

### 演示 以下 GIF 展示了恶意软件分析系列的主页面。  ### 联系方式 如有任何疑问或想要做出贡献，请随时联系[我](https://offensive-panda.github.io/)。

标签：DAST, IP 地址批量处理, 云资产清单, 合规性检查, 后端开发, 多模态安全, 威胁情报, 开发者工具, 恶意软件分析, 网络安全, 逆向工程, 防御加固, 隐私保护