Malware Analysis using YARA

SCENARIO INFORMATION

DESCRIPTION:

This scenario serves as a guide on how to create Yara Signatures for Malware Detection.

YARA is a tool designed to help malware researchers identify and classify malware samples. It’s been called the pattern-matching Swiss Army knife for security researchers (and everyone else). It is multi platform and can be used from both its command-line interface or through your own Python scripts.

The tool allows you to conduct signature-based detection of malware, something similar to what antivirus solutions can do for you.

OBJECTIVES AND OUTCOME

After completing this scenario you will be able to:

Learn Rule Identifiers
Learn Yara Keywords

Learn Strings
– Hexadecimal
– Text Strings
– String Modifiers
– Regular Expression
– Sets of strings
– Anonymous strings

Learn Conditions

– Boolean
– Counting string instances
– String offsets or virtual -addresses
– Match Length
– File size
– Executable entry_point
– Accessing data at a given position
– Applying one condition across many strings
– Iterating over string occurrences

Learn Referencing other rules

Learn Yara Essentials
– Global Rules
– Private Rules
– Rule tags
– Metadata
– Using Modules
– Undefined values
– External/Argument Values
– Including Files

PRE-REQUISITES

In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:

– GNU Linux
– Familiarity with C syntax (not required, but useful)
– Regex (not required, but useful)

RECOMMENDED READING:

This scenario has no recommended reading.

AUTHOR:

This scenario was created by Sathish Govindharajan and Lawrence Muchilwa.

MODE SINGLEPLAYER
Type CYBER CHALLENGE
DIFFICULTY INTERMEDIATE
TIME 120 MINUTES
COST 100 GEMS

Start Scenario

RegisterLogin
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on reddit
Reddit
Share on whatsapp
WhatsApp
Share on telegram
Telegram
Scroll to Top