1
00:00:01,020 --> 00:00:09,330
Hello and welcome. In this introduction, I'm going to introduce you to the objectives of malware analysis

2
00:00:09,330 --> 00:00:10,530
of documents.

3
00:00:12,710 --> 00:00:25,220
Why malicious documents? Why is there a need to study this? Now, the attackers will try all kinds of

4
00:00:25,240 --> 00:00:29,600
things in order to get the malware installed in your system.

5
00:00:30,440 --> 00:00:38,700
And out of all the techniques, the easiest way is to use social engineering. In social engineering,

6
00:00:39,020 --> 00:00:47,750
you try to manipulate the user to open a program or a document which will contain malware.

7
00:00:48,920 --> 00:01:00,470
Now, if the attacker is using documents, then he will send the document through email, or a link

8
00:01:01,420 --> 00:01:09,880
in an email, or even put it up on a website and get the user to visit the site and click on the link

9
00:01:09,880 --> 00:01:18,430
to download the document. The document itself will probably contain some embedded scripts which

10
00:01:18,430 --> 00:01:19,480
will execute.

11
00:01:20,650 --> 00:01:24,360
And the script will execute and do something else.

12
00:01:24,940 --> 00:01:29,260
It will connect to the Internet and download the actual malware.

13
00:01:30,040 --> 00:01:33,070
And this will be the second stage of the attack.

14
00:01:34,100 --> 00:01:35,500
The first stage is

15
00:01:36,680 --> 00:01:45,620
tricking the user to open the document itself, and once the document is open, the script will activate

16
00:01:46,220 --> 00:01:50,210
and download the payload from the Internet.

17
00:01:50,540 --> 00:01:51,810
That would be the second stage.

18
00:01:52,640 --> 00:01:54,590
The same thing applies to links.

19
00:01:55,040 --> 00:02:01,880
If the attacker managed to get the user to click on the link, then to download some document,

20
00:02:02,240 --> 00:02:03,710
and then the user opens it.
21
00:02:04,250 --> 00:02:13,550
So once the malware is installed, the attacker will then have access to whatever was designed in

22
00:02:13,550 --> 00:02:20,720
the payload, whether it's ransomware, or to steal information, install a back door,

23
00:02:21,230 --> 00:02:27,800
use it as a bot, or maybe as a proxy for launching further attacks on other networks.

24
00:02:30,680 --> 00:02:37,230
So in malware analysis for documents, what are we looking for here?

25
00:02:37,930 --> 00:02:47,160
URLs used to download the second-stage payload. These can be embedded in the scripts or hidden in the

26
00:02:47,270 --> 00:02:48,200
document itself.

27
00:02:49,500 --> 00:02:59,470
And then you also look for commands, which could be contained within a script or inside the document.

28
00:03:00,050 --> 00:03:08,390
And these commands could be to use PowerShell to execute some commands, or even JavaScript, as in the

29
00:03:08,390 --> 00:03:12,430
case for PDF, and the script, and so on.

30
00:03:13,760 --> 00:03:19,260
Also, we will be looking for file names embedded in the document or in the script.

31
00:03:19,480 --> 00:03:25,560
So sometimes these file names could be obfuscated, or even the script could be obfuscated.

32
00:03:26,450 --> 00:03:32,120
So in that case, we need to deobfuscate it before we can understand what it's trying to do.

33
00:03:33,170 --> 00:03:41,150
So the file names are important because they will tell you what type of file is being downloaded and also

34
00:03:41,150 --> 00:03:43,040
where it is going to be saved to.

35
00:03:44,090 --> 00:03:47,420
It may also give you a hint as to what its intended purpose is.

36
00:03:48,590 --> 00:03:54,860
And once we have that, we can start looking for the file once it has been downloaded.

37
00:03:55,460 --> 00:04:01,060
And then we can do secondary analysis on these files if you so desire.
38
00:04:02,420 --> 00:04:09,680
The next thing we'll be looking for are embedded files, which contain the files that the malware

39
00:04:09,890 --> 00:04:18,170
is downloading as a second stage, or even embedded files hidden within the document itself, and something

40
00:04:18,170 --> 00:04:19,220
to look for:

41
00:04:19,490 --> 00:04:26,510
the MZ magic bytes mark the existence of a PE executable file.

42
00:04:29,030 --> 00:04:36,470
So in the next stage, before we do anything, we need to install virtual machines, and virtual machines

43
00:04:36,470 --> 00:04:43,590
will allow you to conduct your analysis in a safe environment without compromising your host.

44
00:04:44,540 --> 00:04:46,530
And we need two virtual machines.

45
00:04:46,550 --> 00:04:55,760
One is Microsoft Windows, running Windows 7, and the other one is running REMnux Linux,

46
00:04:56,780 --> 00:05:02,330
which is specially created to analyze malware.

47
00:05:03,110 --> 00:05:11,270
REMnux is necessary and contains all the tools necessary for reverse engineering as well as malware

48
00:05:11,270 --> 00:05:15,980
analysis. And for the Windows virtual machine,

49
00:05:16,000 --> 00:05:21,170
we need it because we need to run the malware in order to do behavior analysis.

50
00:05:22,210 --> 00:05:28,900
So in the next video, we'll go ahead and start with the installation of the virtual machines.

51
00:05:29,420 --> 00:05:31,940
So that's all for this lesson.

52
00:05:32,030 --> 00:05:33,420
I'll see you in the next one.

53
00:05:33,620 --> 00:05:34,820
Thank you for watching.