Analyzing Possible Malware

Hands-On Lab


Bob Salmans

Security Training Architect I in Content

Length: 00:30:00

Difficulty: Beginner

In this lab exercise, we will look at how to use online tools to analyze a file and determine whether it is malware. We'll also use md5sum to generate the MD5 hash of the file and submit that hash to VirusTotal as a second way of checking a suspicious file, one that does not require uploading the file itself.

Introduction

In this lab, we will learn how to analyze a file that is suspected of being malware. We will do this in two ways:

  • Upload the file directly to VirusTotal and review the engine verdicts.
  • Create an MD5 hash of the file and search VirusTotal for that hash instead.

Keep two things in mind while working through the steps. First, anything you upload to VirusTotal is shared with its community of subscribers, so for a file that may contain confidential data, searching by hash first is the safer habit. Second, a VirusTotal result is a set of vendor opinions, not proof: a file with zero detections is not necessarily clean, and a hash that returns no report simply means nobody has submitted that exact file before.

Setting Up the Environment

  1. Using VNC, connect to the public IP address of the instance on port 5901 (x.x.x.x:5901). The lab uses a graphical desktop (web browser and gedit), so the VNC session is what you will work in.
  2. Log in using the credentials provided on the lab instructions page. If you only need a terminal for the hashing steps, you can also connect over SSH:
    ssh cloud_user@<PUBLIC_IP_ADDRESS>

Method 1: Download the File and Upload it to the VirusTotal Website

Download the Suspicious File

  1. Open your web browser.
  2. Navigate to the provided GitHub URL.
  3. Click Download.
  4. Save the file to your Downloads folder.

Upload the File to VirusTotal

  1. In your web browser, navigate to https://www.virustotal.com.
  2. Click Choose file.
  3. Select the file we downloaded earlier, and click Open to upload it for analysis. When the scan completes, note how many engines flag the file and what names they give the detection.

Method 2: Generate the MD5 Hash of the Downloaded File and Run it through the VirusTotal Website

Generate the MD5 Hash

  1. Open your terminal application.
  2. Change to your Downloads directory.
    cd Downloads
  3. List the contents of the directory to confirm the file is there.
    ls
  4. Generate the MD5 hash of the file. (eicar_com.zip is the EICAR anti-virus test file: it is harmless by design, but every engine is expected to flag it, which is what makes it a safe specimen for this exercise.)
    md5sum eicar_com.zip
  5. Copy the hash (the first field of the output, before the file name) to your clipboard.

Run the Hash through the VirusTotal Website

  1. In your web browser, go to the VirusTotal home page.
  2. Click the Search tab.
  3. Paste the file hash we copied to the clipboard, and click the search icon to run the lookup. VirusTotal also accepts SHA-1 and SHA-256 hashes here; since MD5 collisions are cheap to produce, SHA-256 is the better value to record when you pin a detection to a specific file.

Save the Hash to Your Desktop

  1. Open gedit.
  2. Right-click in the empty document, then select Paste to insert the hash.
  3. Click File > Save As.
  4. Choose Desktop.
  5. For Name, type "hash.txt".
  6. Click Save.
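The hashing and record-keeping steps above can be collapsed into a small script. The following is an added example, not part of the original lab: it hashes a file with MD5, SHA-1 and SHA-256, writes a report file (the equivalent of hash.txt, but with the file name, size and timestamp alongside the digests), and includes an optional function that asks VirusTotal's v3 API for an existing report by hash so the file itself never leaves the machine. The sample input is a constructed file containing the bytes "hello\n", not eicar_com.zip; the VT_API_KEY variable and the report file name are assumptions for the example.

```shell
#!/bin/sh
# Added example: hash a suspicious file and record the digests before (or instead of)
# uploading it. Uses only coreutils (md5sum, sha1sum, sha256sum) plus curl for the
# optional VirusTotal lookup.
set -eu

# Print one "ALGO  HEX" line per algorithm. md5sum matches the lab's step; sha256sum is
# the value worth pinning a detection to, since MD5 collisions are cheap to forge.
hash_file() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    printf 'MD5     %s\n' "$(md5sum    -- "$f" | cut -d' ' -f1)"
    printf 'SHA1    %s\n' "$(sha1sum   -- "$f" | cut -d' ' -f1)"
    printf 'SHA256  %s\n' "$(sha256sum -- "$f" | cut -d' ' -f1)"
}

# Return only the SHA-256 hex digest, the form you paste into VirusTotal's search box.
sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# Write a report next to the digests so the hash you submitted is recorded together with
# what it was computed over (the lab's hash.txt holds only the bare MD5).
write_report() {
    f="$1"
    out="$2"
    {
        echo "file:  $f"
        echo "size:  $(wc -c < "$f") bytes"
        echo "date:  $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        hash_file "$f"
    } > "$out"
}

# Optional: fetch an existing VirusTotal report for a hash via the v3 API without
# uploading the file. Requires a free API key in VT_API_KEY (assumed variable name).
# Not called by the rest of this script, so everything else runs offline.
vt_lookup() {
    curl -sS -H "x-apikey: ${VT_API_KEY:?set VT_API_KEY to your VirusTotal API key}" \
        "https://www.virustotal.com/api/v3/files/$1"
}

# Constructed sample input (NOT the lab's eicar_com.zip): a fixed byte string so the
# digests are reproducible. Swap in the real path to analyze an actual download.
SAMPLE="$(mktemp)"
printf 'hello\n' > "$SAMPLE"
REPORT="${SAMPLE}.hashes.txt"

hash_file "$SAMPLE"
write_report "$SAMPLE" "$REPORT"
echo "report written to $REPORT"
```

Run it with `sh hashreport.sh`; to check a real file, point SAMPLE at the download and then call `vt_lookup "$(sha256_of "$SAMPLE")"` once VT_API_KEY is exported. A 404 from the lookup means VirusTotal has never seen that exact file, which is a reason to upload it only if its contents are not sensitive.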

Conclusion

Congratulations, you've successfully completed this hands-on lab!