Last Activity View: A forensic tool by NirSoft that provides a detailed logbook of system activities. It is useful for spotting malicious actions that malware executes in the background. Its simple language makes it accessible to users of all levels.
capa: An advanced, open-source tool by Mandiant for analyzing malware executables across Windows, Mac, and Linux. capa is command-line based but user-friendly, offering an in-depth view of a program's capabilities, including cryptographic components, data manipulation, defense evasion, and more, derived from static analysis.
Triage by Recorded Future: An online sandbox that allows for dynamic analysis of files. After a file is submitted for analysis, Triage provides a comprehensive report including tags indicating potential malware types (e.g., ransomware), network activity, and even a video replay of the file's behavior in the sandbox environment. The scoring system helps assess how malicious the file is.
Ease of Integration: Triage also offers an API for uploading and analyzing a large number of samples efficiently. This is particularly useful for integrating the sandbox with your own analysis systems or scripts for automated malware analysis.
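The integration pattern just described (submit a batch of files, poll for the finished report, turn the score and tags into a verdict) as an added example in Python. This is not Triage's own client code: the endpoint paths, the `_json` form field, the `completed` marker and the `analysis.score`/`analysis.tags` layout are assumptions taken from memory of the public Triage API and must be checked against the service's documentation before use. The HTTP layer is injectable so the logic can be exercised offline with a fake transport.

```python
"""Batch-submit files to a sandbox API and collect verdicts (added example).

ASSUMPTIONS (verify against the Triage docs): POST {API_BASE}/samples with a
multipart body holding '_json' and 'file'; GET {API_BASE}/samples/{id}/overview.json
returns {"sample": {"completed": ...}, "analysis": {"score": 0-10, "tags": [...]}}.
"""
import json
import time
import urllib.request
import uuid
from dataclasses import dataclass, field

API_BASE = "https://tria.ge/api/v0"  # assumed base URL


@dataclass
class Verdict:
    sample_id: str
    score: int
    tags: list = field(default_factory=list)

    @property
    def malicious(self) -> bool:
        # Assumed convention: scores run 0-10; 7 and above is treated as malicious here.
        return self.score >= 7


def encode_multipart(fields: dict, filename: str, data: bytes):
    """Build a multipart/form-data body by hand so only the standard library is needed."""
    boundary = "----" + uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(
            f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'.encode()
        )
    parts.append(
        f'--{boundary}\r\nContent-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        f"Content-Type: application/octet-stream\r\n\r\n".encode() + data + b"\r\n"
    )
    parts.append(f"--{boundary}--\r\n".encode())
    return b"".join(parts), f"multipart/form-data; boundary={boundary}"


def http_transport(method, url, headers, body=None):
    """Default transport: (status, raw_bytes). Replace with a fake for offline testing."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=60) as resp:
        return resp.status, resp.read()


def submit_sample(api_key, filename, data, transport=http_transport) -> str:
    options = json.dumps({"kind": "file", "interactive": False})  # assumed option names
    body, ctype = encode_multipart({"_json": options}, filename, data)
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": ctype}
    status, raw = transport("POST", f"{API_BASE}/samples", headers, body)
    if status != 200:
        raise RuntimeError(f"submit of {filename} failed: HTTP {status}")
    return json.loads(raw)["id"]


def parse_overview(sample_id, overview: dict) -> Verdict:
    analysis = overview.get("analysis") or {}
    return Verdict(sample_id, int(analysis.get("score", 0)), list(analysis.get("tags", [])))


def wait_for_verdict(api_key, sample_id, transport=http_transport,
                     poll_seconds=15, max_polls=40, sleep=time.sleep) -> Verdict:
    """Poll until the report is marked complete; a report can lag the submission by minutes."""
    headers = {"Authorization": f"Bearer {api_key}"}
    for _ in range(max_polls):
        status, raw = transport("GET", f"{API_BASE}/samples/{sample_id}/overview.json", headers)
        if status == 200:
            overview = json.loads(raw)
            if (overview.get("sample") or {}).get("completed"):
                return parse_overview(sample_id, overview)
        sleep(poll_seconds)
    raise TimeoutError(f"sample {sample_id} not finished after {max_polls} polls")


def analyze_batch(api_key, files: dict, transport=http_transport, sleep=time.sleep) -> dict:
    """files: {filename: bytes}. Submit everything first, then collect, so analyses run in parallel."""
    ids = {submit_sample(api_key, name, data, transport): name for name, data in files.items()}
    return {name: wait_for_verdict(api_key, sid, transport, sleep=sleep) for sid, name in ids.items()}


if __name__ == "__main__":
    import os
    import sys
    key = os.environ.get("TRIAGE_API_KEY", "")  # assumed env var name, set by you
    batch = {p: open(p, "rb").read() for p in sys.argv[1:]}
    for name, v in analyze_batch(key, batch).items():
        print(f"{name}: score={v.score} malicious={v.malicious} tags={','.join(v.tags)}")
```

Submitting everything before polling keeps the sandbox busy on several samples at once, which is where the throughput gain comes from. One practical caveat: an online sandbox may retain or share uploaded files, so check the service's privacy and retention terms before sending anything internal or customer-related.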
Hybrid Analysis: A long-established service with sandbox execution capabilities similar to Triage's, known for its simplicity and ease of use.
NordVPN: While not a malware analysis tool, NordVPN is recommended for security research to mask your location and protect against potential hacking attempts. Features include threat protection, Meshnet for device-to-device communication, and a dark web monitor that checks for leaks of your personal data.