Review: Malware Investigator (iLEEP, FBI tool for investigating malware)

So, several months ago, I wrote about a tool that the FBI was going to make available to members of InfraGard, called Malware Investigator. This tool was set to provide members of law enforcement and InfraGard with analysis of submitted malware. I said that I would provide a detailed write-up regarding how useful the tool is and how it helps me analyze found malware. I am happy to do that for you here; here is my review of Malware Investigator.

I submitted 3 malware samples that I found via my SSH honeypot. Granted, these samples were compiled for execution on a MIPS-based system, so all the other malware analysis tools proved to be relatively worthless, as most of them are only set up to run w32 (Windows) binaries and test the execution of that malware. I submitted these samples on 4/20, one at approx. 7:30 AM MDT, and the other two later in the day, at approx. 4:30 PM MDT.

As I am writing this post, on 4/23 at approx. 9:45 AM MDT, the analysis of all three files is still incomplete. To me, since these are sort of odd-ball files to submit (again, they are MIPS executables), I think a day is a reasonable amount of time to run the malware in a sandbox and provide a report. However, at 3 days and still going, I think this sort of analysis is taking far too long for the service to be useful for malware hunters out there.

Depending on the output, and if it ever completes, I may or may not provide a follow-up to this article detailing how accurate the malware analysis at Malware Investigator was; it is something to write about.

On the positive side, the analysis of the files (just one included here) does provide some decent initial details; however, what I’m really curious about is the attribution and correlation that the FBI provides me with (if any).


Malware Investigator released

As of today, the FBI/U.S. Government’s own Malware Investigator tool has been released to a wider audience of people. I believe that includes all members of InfraGard, along with the select few people who were offered it before this wider release.

I’m going to load it up with some samples that I have, test out the tool, and determine whether it can assist with forming details about malware.

I will update the blog in the next couple of days and provide details of my experience in using the Malware Investigator tool.