
Hive ransomware gang rapidly evolves with complex encryption, Rust code

A random security guy

Re: Making analysis more challenging

Automated AV scanners that rely on pure pattern matching will not be able to get anywhere if they don't decrypt the payload. That means the AV scanner first has to determine what kind of malware something is, decrypt the payload, then the strings in the payload, and then, finally, perform a pattern match. They might skip a level of encryption somewhere.

Should not be too hard, but the AV scanners may be limited if the decryption and compression software is (slightly) proprietary, forcing you to run the malware for analysis.
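The layered-scan point in the comment above, as an added example from the scanner's side (not part of the original comment and not code from any AV product): a signature only matches once every layer has been undone. The sample, the `STUB` header, the XOR key and the marker string are all constructed for illustration.

```python
import zlib

# Constructed, benign marker standing in for a string a signature would match.
SIGNATURE = b"EXAMPLE-RANSOM-NOTE-MARKER"
XOR_KEY = 0x5A  # constructed single-byte key for the sample's string layer


def xor(data: bytes, key: int = XOR_KEY) -> bytes:
    """Layer 2: undo (or apply) the single-byte XOR string encoding."""
    return bytes(b ^ key for b in data)


def build_sample() -> bytes:
    """Constructed two-layer sample: XOR-encoded strings in a zlib-packed payload."""
    inner = b"\x00code\x00" + xor(SIGNATURE) + b"\x00more\x00"
    return b"STUB" + zlib.compress(inner)


def unpack_payload(blob: bytes) -> bytes:
    """Layer 1: identify the (hypothetical) packer by its header, then inflate."""
    if not blob.startswith(b"STUB"):
        raise ValueError("unknown packer")
    return zlib.decompress(blob[4:])


def scan(blob: bytes, depth: int) -> bool:
    """Pattern-match after undoing `depth` layers (0 = raw bytes only)."""
    data = blob
    try:
        if depth >= 1:
            data = unpack_payload(data)
        if depth >= 2:
            data = xor(data)
    except (ValueError, zlib.error):
        return False  # family not recognised or unpack failed: nothing to match
    return SIGNATURE in data


if __name__ == "__main__":
    sample = build_sample()
    for depth in range(3):
        print(f"layers undone={depth}: signature hit={scan(sample, depth)}")
```

A scanner that stops after the first layer reports the sample as clean, and one that does not recognise the packer header never reaches the match at all.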
