
Fuzzy Hashing

I’ve been doing some more malware analysis during my free time and started using some more techniques such as fuzzy hashing with SSDEEP and import hashing. It’s an easy way to find out what sort of malware an otherwise unknown executable is. Fuzzy hashing with SSDEEP works by hashing through a different algorithm designed for […]


Ransomware Quarantine Using ExtraHop

One of ExtraHop’s key differentiators is its ability to detect ransomware attacks as they are occurring. It does this by analyzing all of the CIFS traffic over the wire in real time and determining whether the activity is malicious based on four different rules. Ransomware Type Definitions: BLACKLIST – This approach checks file extensions against a listing […]


DFIR Scenario #1 Lone Wolf

Introduction – This fictional digital investigation scenario examines the disk image and memory of a person’s laptop that was seized. The suspect in question is believed to be planning a mass shooting attack. Our role as the forensic investigator is to find evidence that either supports or disproves this allegation. Acquisition – The forensic examiner present during […]


Trojan.XMRig Analysis

Example.exe – MD5: 60d7e7d1522a81917dde26bb9b5f4260, SHA256: 9017dc9b43b1e8442dd4d423bec02820fde2a0efef05dc81926762e0ff8f263c. I took a quick look at Malshare today and saw this interesting file named example.exe and I decided to analyze it. Let’s start with some static analysis. On Malshare, it was reported to have a UPX Packer YARA hit. I took a look at it in […]
