Research field: Safety
Conference: 2024 18th International Conference on Telecommunication Systems, Services, and Applications (TSSA)
Agent Tesla malware attacked around 4.1% of the networks of various industrial companies. Agent Tesla can harvest user credentials from various popular applications, including Microsoft Edge, Mozilla Firefox, and Google Chrome, making it a global threat to sectors and organizations around the world. In addition, attackers using Agent Tesla adopt more sophisticated spear-phishing campaigns and can use more sophisticated social engineering techniques to exploit vulnerabilities. Given these problems, deeper analysis and holistic security measures are needed to combat the threat, which requires knowing the characteristics of Agent Tesla and the ways to counter it in order to maintain system and data integrity. This research addresses the problem by comparing three methods for analyzing Agent Tesla: behavior-based detection (virtual machine), behavior-based detection (sandbox), and reverse engineering. Behavior-based detection is used to observe malware activity while the malware runs on a computer or virtual machine. Reverse engineering, meanwhile, is used to obtain the source code of the malware. The analysis shows that the malware can steal information from the victim's computer, such as the computer username, as well as email and password information stored in the browser. Agent Tesla works by infecting the system, reading data on the computer, and saving the data it needs. Based on the test results in this research, the behavior-based detection (sandbox) method can reveal more actions in the malware, with a total of 3877, or 185% more than the reverse engineering method.
| Publication year | 2024 |
|---|---|
| Citations | 141 |
| Country of publication | Indonesia, Andorra |
| Site | IEEE |
| Likes | 0 |