Fast and thorough examination of malicious programs
When a malicious program enters your infrastructure, your cybersecurity team needs to know as much as possible about the threat: how it works, how it hides and how it can be eradicated. This kind of intel requires an abundance of resources and specific expertise.
We have all it takes to get the job done: the tools, the knowledge bases and a team of seasoned experts with a lot of experience in malware analysis. We can provide all the information necessary for incident response. You will start to learn about the threat within a few hours of sending us the sample.
Malware analysis is carried out in three stages:
1. Preliminary analysis
(~2 hrs after receiving the sample)
We collect statistics and sample program metadata. If possible, we determine the family to which the program belongs, and analyse the textual information. This lets us identify key facts about the threat as early as the first stage of the analysis, including the functions, the C&C server and the commands being executed.
2. Behavioural analysis
(~4 hrs after receiving the sample)
We run the malicious program in a managed environment and monitor its behaviour: what the program does with files, how it changes system settings, which processes it infects, and which server it communicates with. This procedure helps us identify indicators of compromise on infected systems and describe the characteristic signs of the program being present in the infrastructure.
3. Code analysis
(~2 days after receiving the sample)
We carry out reverse engineering using static and dynamic code analysis methods. As a result, we can accurately describe the algorithm of the malicious program and identify all its functions — including the hidden ones.
BI.ZONE malware analysis services are in full compliance with ISO 9001 and ISO 27001.