TryHackMe’s Advent of Cyber 2023 — Day 9 Writeup

Nanda Siddhardha
3 min read · Dec 9, 2023

Malware analysis: She sells C# shells by the C2shore

Learning Objectives

In this task, we will focus on the following vital learnings to assist Forensic McBlue in analysing the retrieved malware sample:

- The foundations of analysing malware samples safely

- The fundamentals of .NET binaries

- The dnSpy tool for decompiling malware samples written in .NET

- Building an essential methodology for analysing malware source code

Malware Handling 101

In the digital realm, handling malware demands caution and strategic planning to mitigate inherent risks. Emphasizing safety throughout your analysis is paramount, and the incorporation of malware sandboxing emerges as a critical methodology.

The Sandbox Advantage

A sandbox, essentially a simulated computer environment, acts as a secure haven for experts to unravel malware intricacies without jeopardizing their systems. Here’s why it’s indispensable:

  1. Network Controls: Sandboxes employ stringent network controls, curtailing the malware’s ability to proliferate and minimizing collateral damage.
