{"id":432,"date":"2025-04-27T20:45:32","date_gmt":"2025-04-27T20:45:32","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jb23435\/?page_id=432"},"modified":"2025-04-27T21:00:11","modified_gmt":"2025-04-27T21:00:11","slug":"malware-analysis","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/jb23435\/malware-analysis\/","title":{"rendered":"Malware Analysis"},"content":{"rendered":"\n

Task-1: Go to https:\/\/bazaar.abuse.ch\/browse\/ and select a malware with the \u201cMirai\u201d signature.
Use the \u201cSignature\u201d column to find out all the malwares with the \u201cMirai\u201d signature or use the
search option with the \u201cMirai\u201d keyword.
Task-2: Read the details of the selected malware and download the malware sample using the
\u201cdownload sample\u201d link.
Task-3: Go to https:\/\/app.any.run\/ and sign up using your odu.edu email. You will be sent a
verification link through email. Use the link to log in to the any.run dashboard.
Task-4: In any.run dashboard, choose the \u201cSubmit File \/ Email\u201d option to select the previously
downloaded malware sample in order to upload for the analysis.
Task-5: Once the malware sample is selected, click on the \u201cRun a public analysis\u201d button to
upload the sample and run a malware analysis.
Task-6: In the bottom part of the any.run screen, you will find information about HTTP
Requests, Connections, DNS Requests, and Threats under the Network tab. Here goes an
example:<\/a>
Go through all the information you find for each category (i.e., Http Requests, Connections, DNS
Requests, and Threats) and take at least one screenshot showing information from each
category.
Task-7: Explore information found in the IOC, Text Report, Graph, and ATT&CK tabs on the right
side of the screen. Take necessary screenshots showing any interesting finding. 3 points
Task-8: Based on the information you found from Task-6 and Task-7, briefly explain the main
characteristics of the malware sample.
Task-9: Go to https:\/\/bazaar.abuse.ch\/browse\/ again, but this time, select a malware sample
with the \u201cVIPKeylogger\u201d signature. Perform malware analysis repeating Task-3 to Task-7. Based
on your analysis, explain the main characteristics of this malware sample.
Task-10: Discuss the difference between Mirai and VIPKeylogger malwares in your own words.
<\/p>\n\n\n\n

Submission:<\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

8. Connections took place in Germany and Ireland, you can see from the “Connections” tab that this malware tries to open a number of connections. Since it’s a Mirai botnet, it will try to infect a number of IoT devices.
9. This malware sample had a virus attached to it and had the same characteristics of having
connections in Germany and Ireland. It attempted to open a executable program. 10. The difference between the Mirai and the VIPkeylogger is that the VIP malware was more of
a threat than the Mirai and attempted to execute a program rather than just mess with settings. Mirai malware focused on infecting IoT devics while VIPKeyloggers focus mostly on tracing keystrokes.<\/p>\n","protected":false},"excerpt":{"rendered":"

Task-1: Go to https:\/\/bazaar.abuse.ch\/browse\/ and select a malware with the \u201cMirai\u201d signature.Use the \u201cSignature\u201d column to find out all the malwares with the \u201cMirai\u201d signature or use thesearch option with the \u201cMirai\u201d keyword.Task-2: Read the details of the selected malware and download the malware sample using the\u201cdownload sample\u201d link. Task-3: Go to https:\/\/app.any.run\/ and sign… <\/p>\n

Read More<\/a><\/div>\n","protected":false},"author":24719,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages\/432"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/users\/24719"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/comments?post=432"}],"version-history":[{"count":3,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages\/432\/revisions"}],"predecessor-version":[{"id":457,"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/pages\/432\/revisions\/457"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jb23435\/wp-json\/wp\/v2\/media?parent=432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}