Malware Analysis

Scope of provided service.

An advanced information security service that helps v4ensics customers:

(A) proactively prevent malware infections by using early warnings and indicators of compromise, and

(B) respond more effectively to security incidents related to malware infections.

The service first aims to detect, with a stated level of certainty, whether a piece of software is malicious. In a second stage, v4ensics provides you with expert advice on possible countermeasures to prevent malware infection, as well as measures to mitigate the damage and prevent similar incidents in the future.

Service description.

    Threat actors, regardless of their capabilities and goals, employ various types of software in order to achieve their nefarious goals.

    V4ensics provides a malware analysis service:

    1. The service entails analyzing potentially malicious software located on your systems, however it surfaced (e.g., as an e-mail attachment, through abnormal system behavior, as a download from a potentially malicious webpage, as an unknown file found on a web server), or found during another V4ensics service (e.g., the digital forensics service).
    2. Depending on the provided service plan (basic, advanced or premium), V4ensics analyzes and/or fully reverse engineers any suspicious software found, in order to derive results that allow V4ensics to assess the information security risks the software exposes you to.
    3. Depending on the provided service plan, V4ensics experts can manually inspect the software in question without exposing potentially sensitive and proprietary data (e.g., in a targeted attack where the software contains customer-specific data within its code).

    Based on the above, the v4ensics team extracts a set of indicators of compromise that allow you to:

    • detect, with a stated level of certainty, whether a piece of software is malicious
    • classify malicious software into one or more possible malware families
    • extract command and control IP addresses or domains utilized by the relevant threat actor
    • identify any persistence mechanisms the software establishes.

    Service plans.

    Basic malware analysis:

    A fully automated (static and dynamic) analysis is performed using V4ensics automated analysis tools, which include, among others, malware analysis sandboxes.

    The reports produced by the automated analysis tools are evaluated by the V4ensics team, and our customers are presented with a short executive report stating whether the file is malicious and which security measures need to be taken.

    The report is accompanied by IOCs (e.g., domains, IPs, file hashes) as well as, where possible, YARA rules, which can be used to scan the client's network for further malware infections.

    The scan is performed using specialized tools and can be carried out by the customer, if the customer has the necessary technical expertise, or by V4ensics as part of another service (Incident Response Service).

    Advanced malware analysis:

    The advanced malware analysis service extends the basic malware analysis service. The V4ensics malware analysis team evaluates the results of the automated tools mentioned above and augments them with behavioral analysis.

    This type of analysis involves interacting with the sample and usually entails memory analysis and packet capture analysis, i.e., analysis of the memory and network traffic of a live system on which the sample is executed.

    Our customers are presented with a detailed technical report that describes how the malware behaves, how the client can identify an infection related to the sample, and how the client can protect itself by incorporating security measures that were not obvious from the automated analysis results.

    This report is again accompanied by IOCs (domains, IPs, file hashes) as well as, where possible, YARA rules, which can be used to scan the client's network for further malware infections.

    Premium malware analysis:

    In the premium malware analysis service, the V4ensics malware analysis team attempts to reverse-engineer the potentially malicious sample, builds a custom decryptor (if deemed necessary), and uses threat intelligence to correlate the sample with known attacks or other similar malware samples.

    If the analyzed sample is ransomware, the V4ensics team attempts to identify the encryption used and looks for potential weaknesses in the encryption implementation. If decryption turns out to be possible, building a decryptor is part of other services provided by V4ensics, namely the Incident Response and Digital Forensics services.