This repository documents my first-ever malware analysis project on the Zeus Banking Trojan. The project involved setting up a dedicated malware analysis lab, performing static and dynamic analysis, and documenting the findings in a detailed report.
The Zeus Banking Trojan is a well-known malware designed to steal banking credentials. I gained hands-on experience in reverse engineering, behavioural monitoring, and network traffic analysis through this analysis.
- Malware Analysis Lab:
  - Tools Used: REMnux, FLARE VM, VirtualBox
  - Lab Configuration: Isolated environment with INetSim for network simulation
- Static Analysis:
  - Explored the malware's file structure, imports, and embedded strings
  - Created a custom YARA rule for Zeus detection
- Dynamic Analysis:
  - Observed the malware's runtime behaviour using tools like ProcMon and Wireshark
  - Captured network traffic and analyzed its communication with a simulated C2 server
The Images folder contains screenshots of the malware analysis environment, including:
- Screenshots of the REMnux and FLARE VM desktops
- Commands executed during the analysis process
- Static Analysis:
  - Tools used: Strings, PE Studio
  - Identified:
    - Embedded strings
    - Suspicious imports and function calls
    - PE structure details
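The string extraction step above is the kind of thing `strings` does for you; the following is an added example (not code from this repository) that reimplements it in Python so the behaviour is visible: it recovers both ASCII and UTF-16LE ("wide") runs, which matters for Windows samples because much of their text is wide, then sorts the hits into rough triage buckets (URL, file path, CamelCase API name). The `SAMPLE` bytes are constructed for the example and contain no real malware content; the bucket regexes are heuristics, not a Zeus signature.

```python
import re

# Constructed sample bytes standing in for a slice of a PE file: an MZ header
# fragment, an ASCII import name, binary noise, a UTF-16LE (wide) path, a run
# too short to report, and an ASCII URL. Nothing here comes from a real sample.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00"                  # "MZ" + junk (too short to report)
    + b"GetProcAddress\x00"                       # ASCII string at offset 6
    + b"\x01\x02\xff\xfe"                         # binary noise
    + "C:\\Windows\\Temp\\".encode("utf-16-le")  # wide string at offset 25
    + b"\x00\x00\x7f\x00"
    + b"ab\x00"                                   # below min_len, dropped
    + b"http://example.invalid/gate.php\x00"    # ASCII string at offset 64
)


def extract_strings(data: bytes, min_len: int = 4) -> list[tuple[int, str, str]]:
    """Return (offset, kind, text) for every printable run of at least min_len
    characters, in both ASCII and UTF-16LE encodings, sorted by offset.
    This mirrors the combined output of `strings` and `strings -el`."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), "wide", m.group().decode("utf-16-le")))
    return sorted(found)


# Heuristic triage patterns (assumptions made for this example, not signatures).
URL_RE = re.compile(r"https?://", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
API_RE = re.compile(r"^(?:[A-Z][a-z0-9]+){2,}[AW]?$")  # CamelCase Win32-style name


def classify(text: str) -> str:
    """Rough triage bucket for a recovered string."""
    if URL_RE.match(text):
        return "url"
    if PATH_RE.match(text):
        return "path"
    if API_RE.match(text):
        return "api"
    return "other"


def triage(data: bytes, min_len: int = 4) -> dict[str, list[str]]:
    """Group every recovered string by its triage bucket, preserving file order."""
    buckets: dict[str, list[str]] = {"url": [], "path": [], "api": [], "other": []}
    for _, _, text in extract_strings(data, min_len):
        buckets[classify(text)].append(text)
    return buckets


if __name__ == "__main__":
    for offset, kind, text in extract_strings(SAMPLE):
        print(f"0x{offset:06x} {kind:5} {text}")
    print(triage(SAMPLE))
```

Run it against a real file with `extract_strings(open(path, "rb").read())`; raising `min_len` cuts the noise from packed or encrypted regions, while the wide-string pass is what surfaces paths and registry keys that a plain ASCII `strings` run misses.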
- Dynamic Analysis:
  - Tools used: INetSim, ProcMon, Wireshark
  - Observed:
    - Registry changes
    - File system activities
    - Network traffic patterns
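ProcMon captures of a sample run quickly grow to hundreds of thousands of events, so the usual move is to export to CSV and filter for the three behaviour classes listed above. The script below is an added example, not part of this repository, that does that filtering: it flags writes to `CurrentVersion\Run` keys (persistence), files created with write access under user-writable directories (dropped payloads), and outbound TCP/UDP events (C2 traffic, which in this lab would terminate at INetSim). The CSV sample is constructed in the column layout of a ProcMon export (`Time of Day`, `Process Name`, `PID`, `Operation`, `Path`, `Result`, `Detail`); the process names, paths and addresses in it are invented.

```python
import csv
import io
import re

# Constructed sample in the column layout of a Process Monitor CSV export.
# Every process name, path, PID and address below is invented for this example.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567 AM","sample.exe","1234","CreateFile","C:\\Users\\lab\\AppData\\Roaming\\updater.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.2000000 AM","sample.exe","1234","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater","SUCCESS","Type: REG_SZ, Length: 82, Data: C:\\Users\\lab\\AppData\\Roaming\\updater.exe"
"10:01:03.0000000 AM","sample.exe","1234","TCP Connect","lab-vm:49152 -> 10.0.0.2:80","SUCCESS","Length: 0"
"10:01:03.5000000 AM","explorer.exe","888","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName","SUCCESS","Type: REG_SZ"
"10:01:04.0000000 AM","sample.exe","1234","CreateFile","C:\\Windows\\System32\\kernel32.dll","SUCCESS","Desired Access: Read Attributes"
'''

# Triage rules (assumptions for this example; tune them to the sample under analysis).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)
NETWORK_OPS = {"TCP Connect", "TCP Send", "UDP Send"}


def triage_procmon(csv_text: str) -> list[dict]:
    """Walk a ProcMon CSV export and return the events worth a closer look,
    each tagged with the behaviour class it evidences."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        proc = f'{row["Process Name"]}:{row["PID"]}'
        if op == "RegSetValue" and RUN_KEY_RE.search(path):
            findings.append({"tactic": "persistence", "process": proc,
                             "evidence": f"{path} <- {detail}"})
        elif op == "CreateFile" and "Generic Write" in detail and USER_WRITABLE_RE.search(path):
            findings.append({"tactic": "file_drop", "process": proc, "evidence": path})
        elif op in NETWORK_OPS:
            findings.append({"tactic": "network", "process": proc, "evidence": path})
    return findings


def by_process(findings: list[dict]) -> dict[str, list[str]]:
    """Summarise which behaviour classes each process exhibited, in order seen."""
    summary: dict[str, list[str]] = {}
    for f in findings:
        tactics = summary.setdefault(f["process"], [])
        if f["tactic"] not in tactics:
            tactics.append(f["tactic"])
    return summary


if __name__ == "__main__":
    hits = triage_procmon(SAMPLE_CSV)
    for h in hits:
        print(f'[{h["tactic"]:11}] {h["process"]}: {h["evidence"]}')
    print(by_process(hits))
```

On a real export, call `triage_procmon(open("Logfile.CSV", encoding="utf-8-sig").read())`; the `Data:` portion of a `RegSetValue` detail is what links the Run key back to the dropped file, which is why the persistence finding keeps the full detail string as evidence.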
- Full analysis report documenting methodology, findings, and IoCs.
- Images:
  - Screenshots of the lab environment and analysis steps, including:
    - REMnux desktop
    - FLARE VM setup
    - Commands executed during the analysis
- Acknowledgements:
  - Initial guidance from HackerSploit and HuskyHacks
  - Final lab setup and analysis inspired by Grant Collins' videos
Feel free to explore the repository and contact me via LinkedIn for discussions or feedback on this project!