Exploring the Target Exfiltration Malware with Sandbox Tools
Offered By: YouTube
Course Description
Overview
Explore the intricacies of target exfiltration malware using sandbox tools in this conference talk from Circle City Con 2014. Delve into the analysis of POS malware, drop spots, and final exfiltration techniques. Learn about static and dynamic analysis methods, including section examination and string analysis. Observe process management, FTP packet analysis, and IP scanning in action. Gain insights on the effectiveness of sandbox tools, VM evasion techniques, and the economics of cybersecurity. Discuss when to use or avoid automated tools, the potential for security automation, and the ongoing arms race in malware detection. Consider the importance of evolving strategies, training, and finding the right approach for your organization beyond just technological solutions.
Syllabus
Intro
WHAT ARE WE DOING?
FULL DISCLOSURE
OVERVIEW
MALWARE - POS
MALWARE - DROP SPOT
MALWARE - FINAL EXFILTRATION
THREAT SCORE?
STATIC & DYNAMIC
STATIC ANALYSIS
STATIC - SECTIONS
STRING ANALYSIS
DYNAMIC ANALYSIS
PROCESS MANAGEMENT
PROCESS CREATED
FTP PACKETS
IP SCANNER
WHAT DID WE LEARN?
EASY TO USE
DETECTION OBSESSION
VM EVASION
TO CONSIDER
RIGHT TOOLS FOR THE JOB?
ECON 101
WHEN TO USE A TOOL?
WHEN NOT TO USE A TOOL?
CAN SECURITY BE AUTOMATED?
SO SHOULD I BUY A SANDBOX OR WHAT BUDDY?
ARMS RACE
EVOLVE OR DIE
TRAINING
TECHNOLOGY ISN'T THE ONLY WAY
WHAT'S RIGHT FOR YOUR ORGANIZATION?
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy