Quick JavaScript Analysis

From Colin Hardy
Revision as of 21:44, 9 April 2017 by M0atz (Talk | contribs)


TL;DR


Here I take a look at an interesting malicious JavaScript downloader sample, taken from VirusTotal, and use some quick-and-dirty code analysis techniques to extract the network and file indicators you need to protect your environment. Code analysis of obfuscated JavaScript can be tricky, but often it comes down to ignoring the noise and focusing on the variables and strings that stick out and look interesting. The official method is known as 'poking about'. Running the sample in a malware lab is useful, but it is even more interesting to uncover the hidden code within the file, so you can be sure that what your behavioural analysis shows is in fact the full picture. Code will often execute differently in virtualised environments, so a behavioural run may not show every network indicator the sample has to offer.

In the video I reference the use of GCHQ's fantastic set of tools called CyberChef. Check it out here.

Video