Lab - Analyzing Potentially Malicious Files
Scenario
In this lab, you will learn about analyzing files that may be malicious.
As a cybersecurity analyst, you are working to discover weaknesses and vulnerabilities that your organization, Structureality Inc., needs to mitigate throughout its internal network. This lab focuses on the tools and services that can help you determine whether a file is benign, suspicious, or possibly malicious. First, you will explore the services of Joe Sandbox Cloud. Next, you will perform malware investigation via URL and hash submission at VirusTotal. Finally, you will perform suspicious file hash searches at the MetaDefender website.
Your cybersecurity analyst (CySA) workstation, running Kali Linux, is located in Structureality’s server subnet.
Understand your environment
You will be working from a virtual machine named KALI hosting Kali Linux.
Explore Joe Sandbox Cloud
As a cybersecurity analyst, you encounter suspicious files on a regular basis. You have been tasked with determining if these files are malicious and whether the host systems need to be sanitized. You are aware of an online malware analysis service that may be able to provide detailed insight into these files, but you would like to review the site’s features, capabilities, and report options before submitting a sample. In this exercise, you will be evaluating the cloud-based sandbox-focused malware-analysis service of Joe Sandbox Cloud.
Using a malware sandbox analysis service like Joe Sandbox Cloud can provide you with detailed information about potentially malicious files you find in your environment. It is important to remember that anything uploaded to Joe Sandbox Cloud will be publicly viewable unless you subscribe to one of their Pro levels of service. As long as you do not upload confidential company files, the service can be quite informative; for sensitive files, searching by the file's hash rather than uploading the sample is the safer first step.
File analysis with VirusTotal
If you discover a file that you suspect may be malicious, you can have it analyzed by the online service at VirusTotal. This site will scan the file using over 60 security products and provide you with a report of the findings. In this exercise, you will work with anti-malware test files and then submit them to VirusTotal.
Use MetaDefender to evaluate files
You have discovered a file that you are concerned about on a client workstation. The user claims not to know anything about the file. You think that it could be a hacker tool and possibly malicious, but you want to confirm that before initiating a system wipe and rebuild. You decide to perform an initial evaluation of the file via hash identification. In this exercise, you will perform suspicious file analysis through an online evaluation service.
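Hash identification starts with computing the file's digests locally, so that the lookup at VirusTotal or MetaDefender discloses only a hash and never the file itself. The script below is an added example and not part of the lab materials: it computes MD5, SHA-1 and SHA-256 in one pass over the file, reading in chunks so large samples never have to fit in memory. The built-in sample is the standard EICAR anti-malware test string, which is a harmless file that every scanner is designed to flag; its digests are published by EICAR and are what the hash search should turn up. The report format is this example's own choice, not a format either service defines.

```python
"""Compute the digests an analyst submits to a hash-lookup service instead of uploading the file."""
import hashlib
import io
import sys

# Constructed sample: the EICAR anti-malware test string, 68 bytes with no trailing newline.
# It is a harmless, universally detected test file, so it is safe to hash and look up.
EICAR_TEST_FILE = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# The three digests that hash-search pages commonly accept.
ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK_SIZE = 1 << 20  # 1 MiB per read keeps memory flat for multi-gigabyte samples


def hash_stream(stream):
    """Feed one binary stream through all hashers at once; returns hex digests and the byte count."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        size += len(chunk)
        for hasher in hashers.values():
            hasher.update(chunk)
    result = {name: hasher.hexdigest() for name, hasher in hashers.items()}
    result["size"] = size
    return result


def hash_bytes(data):
    """Hash an in-memory sample (used for the EICAR test string and for unit checks)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    """Hash a file on disk without loading it whole; the file is only read, never executed."""
    with open(path, "rb") as handle:
        return hash_stream(handle)


def format_report(label, digests):
    """Render the digests as copy-and-paste-ready lines for a hash search (format is this example's own)."""
    lines = [f"File:   {label}", f"Size:   {digests['size']} bytes"]
    for name in ALGORITHMS:
        lines.append(f"{name.upper():<7} {digests[name]}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python hashes.py suspicious.bin [more files...]
    # With no arguments, report on the in-memory EICAR test string instead.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(format_report(path, hash_file(path)))
            print()
    else:
        print(format_report("<EICAR test string, in memory>", hash_bytes(EICAR_TEST_FILE)))
```

Paste the SHA-256 line into the search box of either service; a hit on the EICAR digests confirms the lookup workflow before you try it on the unknown file from the client workstation. If the hash is unknown to the service, that only means nobody has submitted that exact file yet, not that it is benign, which is when sandbox analysis of a copy becomes the next step.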