Analysis and Detection of PWS Malware

Blažek, Jan; Křoustek, Jakub; Dzurenda, Petr

Analysis and Detection of PWS Malware

Files

69_EEICT_selected.pdf(505.13 KB)

Date

2023

Authors

Blažek, Jan

Křoustek, Jakub

Dzurenda, Petr

Publisher

Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií

Altmetrics

Abstract

Cyberdefense became important, especially duringthe last decade. The rapid growth of information technologiescaused a significant increase in cyber attacks and threats onthe Internet. Malware analysis forms a critical component ofcyberdefense mechanisms. In this article, we study the issue ofmalicious code and its various types, with a specific focus on thetype known as PassWord Stealers (PWS). To do so, we deployedseveral methods of analyzing binary executable code, such asstatic and dynamic analysis, and sandboxing. We analyze 11recently discovered malware families. From that, we discovered3 new strains of malware, namely SevenStealer, NeedleDropper,and AtlantidaStealer. Furthermore, we have created appropriatedetection rules for all of these malware, which have improvedthe detection capabilities of Avast anti-virus (AV) softwareworldwide. At the end of this article, we present the resultingdata illustrating the spread of analyzed malware in the user baseof the Avast company.

Keywords

YARA, Malware, Password Stealer, ReverseEngineering, Info Stealer, Static Analysis, Dynamic Analysis,Cyber Defence

Citation

Proceedings II of the 29st Conference STUDENT EEICT 2023: Selected papers. s. 69-72. ISBN 978-80-214-6154-3
https://www.eeict.cz/eeict_download/archiv/sborniky/EEICT_2023_sbornik_2_v2.pdf

Document type

Peer-reviewed

Document version

Published version

Language of document

en

Document licence