Posts

Showing posts with the label malware research

Yara: Identify and Classify Malware

Image
"The pattern matching swiss knife for malware researchers (and everyone else)" (virustotal, 2021) Introduction: Yara can recognize information based on binary and text structures, including hexadecimal and phrases included inside a file, helping cyber security researchers to identify and categorize malware models. Yara Yet Another Ridiculous Acronym 😂 is a very powerful tool and it is easy to start but a bit difficult to master. Rules: Yara uses description variables also known as rules to match suspicious files. Each rule consists of a set of strings variables and a set of conditions that return boolean values, let's see an example of a Yara rule file: rule ruleX_threat : { meta: description = "This is just an example" threat_level = 3 strings: $a = "this set of words !!!" $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9} $c = "UVODFRYSIHLNWPEJXQZAKCBGMT" $d = "175.16.102.88" condition: $a or $b or $c or $d } The shown above rule i...