Tag: zeus malware
Zeus Malware Analysis- Sophos UTM, Security Onion
I’ve posted about dynamic and automated analysis of the Zeus malware, but what about identifying Zeus from firewall and IDS logs? After executing Zeus, my Sophos UTM generated a few alerts. This is something that would absolutely stick out to me during daily log analysis. Drilling into the alert tells us threat “C2/Zaccess-A” attempted to …
Zeus Malware Analysis- Any.Run
I decided to run the Zeus malware through an automated analysis tool and compare the results with what I saw using dynamic analysis with Remnux. I’m using the malware analysis tool at app.any.run. The free version only supports Windows 7 executables, which Zeus targets. After uploading the file, app.any.run displays a Windows UI and what the malware …
Zeus Malware Analysis- Remnux
Today we’re looking at dynamic malware analysis of Zeus with Remnux Linux. I wanted to RE a Windows file this week, and am just not getting anything good on my RDP honeypot (yet). I thought, what better way to start Windows malware analysis than with an old piece of malware? That way if I’m missing …