Skip to content

cybersecurity-dev/awesome-static-linux-malware-analysis

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Awesome Static Linux Malware Analysis Awesome

Linux YouTube Reddit

GitHub   YouTube   My Awesome Lists

📖 Contents

Static Malware Analysis Steps

1. Step Scanning with Anti-malware

When initially analyzing suspected malware, a recommended first step is to scan the sample using multiple antivirus engines, as it may have already been identified and classified. Services such as VirusTotal are particularly useful for this purpose, as they aggregate results from numerous security vendors in a single platform.

md5sum "/path/to/your/file.elf"
sha256sum "/path/to/your/file.elf"
sha1sum "/path/to/your/file.elf"

2. Step Extract Strings

String extraction is a critical step in static malware analysis because it allows you to quickly gain insight into a binary without executing it.

  • with binutils/strings:
    strings -n 4 /path/to/your/file.elf
    • -n Locate & print any sequence of at least
    • --bytes= displayable characters. (The default is 4).
  • with r2/rabin2:
    rabin2 -zz /path/to/your/file.elf
    • rabin2 -z file.bin : List strings from data sections
    • rabin2 -zz file.bin : List all detected strings
    • rabin2 -zzq file.bin : Show only string text
    • rabin2 -zr file.bin : Generate radare2 commands for string flags

3. Step Detect Packed and Obfuscated Malware

Exercises

My Other Awesome Lists

You can access the my other awesome lists here

Contributing

Contributions of any kind welcome, just follow the guidelines!

Contributors

Thanks goes to these contributors!

License

CC0

🔼 Back to top

About

Awesome Static Linux Malware Analysis

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Contributors