I perform static and dynamic malware analysis to determine exactly what a suspicious binary does, how it communicates, and what it's trying to achieve — delivered as a structured report with IOCs, MITRE ATT&CK mapping, and detection signatures.
Static analysis: file metadata and hashing (MD5, SHA-1, SHA-256, ssdeep); strings extraction and analysis; import table and PE header review; entropy analysis for packed/encrypted sections; disassembly and decompilation (Ghidra, IDA Free); packer identification and unpacking.
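Two of the static steps listed above, file hashing and entropy analysis for packed or encrypted regions, are easy to show in code. The following is an added illustration written for this listing, not the analyst's own tooling: it hashes a byte buffer with the listed algorithms (ssdeep omitted, since it needs a third-party library), then walks the buffer in fixed-size blocks and flags any block whose Shannon entropy is near the 8-bit maximum. The sample bytes are constructed to mimic a small header followed by a packed region; on a real PE you would run the same entropy function over each section's raw bytes rather than fixed blocks.

```python
import hashlib
import math
from collections import Counter

# Constructed sample, not a real binary: a short "MZ" stub plus some readable
# text (low entropy), followed by a byte sequence that cycles through all 256
# values evenly (entropy 8.0), standing in for a packed/encrypted section.
SAMPLE = (
    b"MZ" + b"\x00" * 200
    + b"This program cannot be run in DOS mode." * 4
    + bytes((i * 73 + 11) % 256 for i in range(4096))
)


def file_hashes(data: bytes) -> dict[str, str]:
    """Return the MD5, SHA-1 and SHA-256 digests used as host IOCs."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, block_size: int = 256) -> list[tuple[int, float]]:
    """(offset, entropy) for each consecutive block of the buffer."""
    return [
        (off, shannon_entropy(data[off:off + block_size]))
        for off in range(0, len(data), block_size)
    ]


def suspicious_blocks(data: bytes, block_size: int = 256, threshold: float = 7.0) -> list[int]:
    """Offsets of blocks at or above the threshold; 7.0+ is a common
    heuristic for compressed or encrypted content in x86 binaries."""
    return [off for off, e in entropy_profile(data, block_size) if e >= threshold]


def summarize(data: bytes, block_size: int = 256, threshold: float = 7.0) -> dict:
    """Everything the static-analysis section of a report would cite."""
    flagged = suspicious_blocks(data, block_size, threshold)
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "overall_entropy": round(shannon_entropy(data), 3),
        "high_entropy_blocks": flagged,
        "likely_packed": bool(flagged),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The overall entropy of a file is a weak signal on its own, because a small packed payload inside a large benign loader averages out; the per-block (or per-section) profile is what reveals where the packed data sits, and that offset is also where an unpacker or a YARA rule would focus.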
Dynamic analysis: isolated sandbox execution (Cuckoo, Any.run, custom VM); API call monitoring; network IOC extraction (C2 domains, IPs, protocols, beacon patterns); file system and registry modifications; process injection and hollowing detection; persistence mechanism identification.
Deliverables: malware analysis report with executive and technical sections; host-based IOCs (file hashes, registry keys, mutex names, file paths); network IOCs (C2 IPs, domains, JA3 hashes, URI patterns); MITRE ATT&CK technique mapping; YARA detection rules; and Sigma SIEM detection rules for Premium engagements. Send samples in a password-protected ZIP.