My Journey Learning Malware Analysis

Introduction This is a 3 parts series attempting to teach beginners how to unpack malware. As a beginner myself, I hope my thinking process will be more relatable to others. If I make mistakes in this blog, please feel free to give me feedback. Manual unpacking can be a very intimidating task for starters. Without knowing the tips and tricks, the process can take days and weeks, or you may never find the answers. I intend to not only show you some must-know tricks but also explain why they work or don't work. These articles will be similar to a lab when I perform a standard old-school unpacking process and explain the details along the way. Part 1: UPX Packer - The "Hello World" of Reverse Engineering Just like every computer scientist starts out with the "Hello World" program, every reverse engineer learns how to unpack UPX at some point. You can download UPX  here . Basically," upx filename"  will pack a file, and " upx -d filename...

The Scam A few days ago, one of my acquaintances was getting scammed. She was contacted on the phone by a "police officer," saying she has been accused of committing a crime. Apparently, a current well-known criminal group has mentioned her name. After confirming her identity, a fake subpoena was sent to her Zalo account. The document had her name, an authority signature, and a stamp. FYI, Zalo is a popular chat app in Vietnam that uses phone numbers as account IDs. As a typical working-class Vietnamese lady, her exposure to the Internet is pretty much Youtube and Zalo. It may be hard for us to believe, but that is all it takes for her to get bamboozled. Next step, she was requested to go on a Police Department phishing site and enter the citizen ID to view her case. Interestingly, she had to enter the correct ID for it to work. I guess that they used the information she provided earlier to set up the webpage. After the successful identification, a new page was serv...