#research

5 posts under #research.

Fishing for Malware — Part Five: Finale

2022-02-09 • Analysis of malware dropped into my Google Cloud honeypot – an examination of collected data

Finally, here we are — the conclusion of my honeypot experiment. My original intention was to aim for a total of one million logged attacks, at which point I would shut down the honeypot. However, schoolwork fully occupied my attention for a brief period. Thus, I considered it a better idea to continue collecting data until I could find time to perform a proper analysis.

Read More...

Fishing for Malware — Part Three: WannaCry

2022-01-25 • Analysis of malware dropped into my Google Cloud honeypot – WannaCry

Catching WannaCry

One very interesting binary uploaded to my honeypot not only once, but several times from multiple hosts around the world, was WannaCry. Yes, nearly five years after the Shadow Brokers sold the NSA’s EternalBlue exploit to the notorious Pyongyang-based (alleged) Lazarus Group, who then developed and released WannaCry, one of the most damaging ransomware packages is still in active distribution.

Read More...

Fishing for Malware — Part Four: Raspberry Pi IRC Bot

2022-01-25 • Analysis of malware dropped into my Google Cloud honeypot – fun with Bash on R. Pi

While dissecting binaries using Ghidra, Strings, and Hexdump makes for a fun puzzle in itself, it’s also fascinating to inspect the raw source code of malware. Cowrie, a Telnet and SSH honeypot that emulates a Unix environment and is packaged within T-Pot, captured quite the interesting Bash script, which includes a variety of malicious elements specifically designed for the Raspberry Pi platform.

Read More...

Fishing for Malware — Part Two: Android Crypto Miner

2022-01-23 • Analysis of malware dropped into my Google Cloud honeypot — pulling apart a rudimentary Android crypto miner

Information

Indicators of Compromise
MD5: 8844985fcd57b0311d1d4cb2ec13a1ef
SHA-1: a0c07fe897515e5575a72f94f9dea8c077a410ff
SHA-256: 0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257
Package name: com.ufo.miner
Connected domain: coinhive.com
Unexpected high utilization of Android device resources

File Magic: APK archive
Language: Java
Size: 45.43 KB
See this file on VirusTotal

As the heading and package name imply, this is a crypto miner developed for Android devices.

Read More...

Fishing for Malware — Part One: Introduction

2022-01-22 • Analysis of malware dropped into my Google Cloud honeypot — preliminary notes

Intro

Over the past three weeks (school occupied my time), I have left a honeypot (T-Pot, courtesy of Telekom) running, hosted on a VM instance in Google Cloud. After all, what better way to thank Google for the $400 of free Cloud Compute resources they gifted me than to attract malware-distributing bots and hackers directly to their data centers?

Read More...