FILE: materi-08.module

Malware Analysis Basics

Viruses, worms, ransomware, trojans. How to analyze them to understand how they work and how to detect them.

RUNTIME: 28m LEVEL: advanced STATUS: ACTIVE

1. Malware Types

Virus (needs a host program). Worm (self-replicating). Trojan (disguised as something useful). Ransomware (encrypts data, demands a ransom). Spyware (steals information). Adware. Rootkit (hides its presence). RAT (remote access trojan).

2. Malware Lifecycle

Reconnaissance (pick the target). Weaponization (build the payload). Delivery (phishing, drive-by download). Exploitation (run the code). Installation. Command and Control (C2 server). Actions on Objectives (steal data, encrypt).

3. Static Analysis

Analysis without executing the sample. Use a disassembler (Ghidra, IDA). Check strings, imports, headers. Hash the file and look it up on VirusTotal. Safe but limited: modern malware uses many anti-static-analysis techniques.

4. Dynamic Analysis

Run the sample in an isolated sandbox. Monitor: files, registry, network, processes. Tools: Cuckoo Sandbox, ANY.RUN. Shows the actual behavior. But be careful: malware can detect the sandbox and stay dormant.

5. Ransomware - #1 Threat of 2025

Encrypts the victim's data and demands a ransom in cryptocurrency. Well-known variants: WannaCry, Ryuk, Conti, LockBit. Average ransom: 1.5 million dollars per corporate victim. Paying is no guarantee of getting the data back. Backups are the primary defense.

Practical Mission

  1. Set up a Windows VM for a malware analysis lab
  2. Learn to use Ghidra (NSA tool)
  3. Hash a file and check it on VirusTotal
  4. Watch IppSec's YouTube videos
  5. Study the WannaCry 2017 case

Module Recap