FireEye has released FLASHMINGO, a free automated analysis tool that lets malware analysts triage suspicious Flash samples and investigate them.
The tool can be used as a stand-alone application or as a library integrated into existing analysis workflows, and it can be extended with Python plug-ins.
Adobe Flash remains one of the most heavily exploited pieces of software: more than one thousand CVEs have been assigned to it to date, and almost nine hundred of those vulnerabilities have a CVSS score of nine or higher.
“We must find a compromise between the need to analyze Flash samples and the correct amount of resources to be spent on a declining product. To this end, we developed FLASHMINGO, a framework to automate the analysis of SWF files,” reads the FireEye blog post.
FLASHMINGO uses the open source SWIFFAS library to parse Flash files. All binary data and ActionScript bytecode in a sample are parsed and stored in a single large object, the SWFObject.
The SWFObject holds the list of tags in the file along with information about all methods, strings, constants and embedded binary data, among other things.
The tool itself is a collection of plug-ins covering a wide range of common analysis tasks; each plug-in operates on the SWFObject and extracts information from it.
FLASHMINGO can be extended with your own plug-ins. All plug-ins live under the plug-ins directory; to create a new one, copy the template plug-in directory, rename it, and edit its manifest and code.
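To make the parsing and plug-in model above concrete, here is an added example in Python; it is not FLASHMINGO's or SWIFFAS's own code. It parses the SWF container (FWS and zlib-compressed CWS), walks the tag list, reads the string constant pool of each DoABC (ActionScript 3 bytecode) block and pulls out DefineBinaryData payloads, then runs a plug-in-style heuristic over the results. Tag codes and field layouts follow the published SWF and ABC file-format specifications; the `SUSPICIOUS_NAMES` list, the `analyze` function and the sample SWF built by `build_sample` are constructed for this example and are not part of the tool.

```python
"""Minimal SWF tag walker plus a FLASHMINGO-style heuristic pass (added example)."""
import struct
import zlib

DO_ABC, DEFINE_BINARY_DATA, END = 82, 87, 0
# Illustrative list for this example; a real plug-in would carry its own curated set.
SUSPICIOUS_NAMES = {"loadBytes", "ByteArray", "writeByte", "Loader"}


def read_u30(buf, off):
    """Read an ABC variable-length integer (7 bits per byte, high bit = continue)."""
    value, shift = 0, 0
    while True:
        b = buf[off]
        off += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, off
        shift += 7


def abc_strings(abc):
    """Return the string constant pool of an ABC block (pool index 0 is implicit)."""
    off = 4  # minor_version UI16 + major_version UI16
    for width in (None, None, 8):  # skip the int, uint and double pools
        count, off = read_u30(abc, off)
        for _ in range(max(count - 1, 0)):
            off = read_u30(abc, off)[1] if width is None else off + width
    count, off = read_u30(abc, off)
    strings = []
    for _ in range(max(count - 1, 0)):
        size, off = read_u30(abc, off)
        strings.append(abc[off:off + size].decode("utf-8", "replace"))
        off += size
    return strings


def iter_tags(swf):
    """Yield (tag code, tag body) for every tag in an FWS or CWS file."""
    sig, length = swf[:3], struct.unpack_from("<I", swf, 4)[0]
    body = swf[8:]
    if sig == b"CWS":
        body = zlib.decompress(body)
    elif sig != b"FWS":
        raise ValueError(f"unsupported signature {sig!r} (ZWS/LZMA not handled here)")
    if len(body) + 8 != length:
        raise ValueError("header FileLength does not match decoded size")
    nbits = body[0] >> 3                 # RECT: 5-bit Nbits then 4 * Nbits bits
    off = (5 + 4 * nbits + 7) // 8 + 4   # ...plus FrameRate UI16 and FrameCount UI16
    while off + 2 <= len(body):
        header = struct.unpack_from("<H", body, off)[0]
        off += 2
        code, size = header >> 6, header & 0x3F
        if size == 0x3F:                 # long RECORDHEADER carries a UI32 length
            size = struct.unpack_from("<I", body, off)[0]
            off += 4
        yield code, body[off:off + size]
        off += size
        if code == END:
            break


def analyze(swf):
    """Plug-in-style pass: AS3 block names, suspicious strings, embedded binary data."""
    findings = {"abc_names": [], "suspicious": [], "binary_data": []}
    for code, body in iter_tags(swf):
        if code == DO_ABC:               # Flags UI32, Name (NUL-terminated), ABC data
            name_end = body.index(b"\x00", 4)
            findings["abc_names"].append(body[4:name_end].decode())
            findings["suspicious"] += [s for s in abc_strings(body[name_end + 1:])
                                       if s in SUSPICIOUS_NAMES]
        elif code == DEFINE_BINARY_DATA:  # CharacterID UI16, Reserved UI32, data
            char_id = struct.unpack_from("<H", body, 0)[0]
            findings["binary_data"].append((char_id, bytes(body[6:])))
    return findings


# --- constructed sample input (not a real malware sample) -------------------
def _u30(v):
    out = bytearray()
    while True:
        b, v = v & 0x7F, v >> 7
        out.append(b | 0x80 if v else b)
        if not v:
            return bytes(out)


def _tag(code, body):
    if len(body) < 0x3F:
        return struct.pack("<H", (code << 6) | len(body)) + body
    return struct.pack("<HI", (code << 6) | 0x3F, len(body)) + body


def encode_rect(xmin, xmax, ymin, ymax, nbits=15):
    bits = f"{nbits:05b}" + "".join(f"{v:0{nbits}b}" for v in (xmin, xmax, ymin, ymax))
    bits += "0" * (-len(bits) % 8)
    return int(bits, 2).to_bytes(len(bits) // 8, "big")


def build_sample(compress=False):
    """Tiny SWF with one DoABC tag (pools only, rest of ABC omitted) and one DefineBinaryData."""
    strings = [b"flash.utils", b"ByteArray", b"loadBytes"]
    abc = struct.pack("<HH", 16, 46) + _u30(0) * 3  # empty int/uint/double pools
    abc += _u30(len(strings) + 1) + b"".join(_u30(len(s)) + s for s in strings)
    tags = (_tag(69, b"\x08\x00\x00\x00")                     # FileAttributes: ActionScript3
            + _tag(DO_ABC, struct.pack("<I", 1) + b"frame1\x00" + abc)
            + _tag(DEFINE_BINARY_DATA, struct.pack("<HI", 1, 0) + b"MZ\x90\x00payload")
            + _tag(1, b"") + _tag(END, b""))                    # ShowFrame, End
    body = encode_rect(0, 11000, 0, 8000) + struct.pack("<HH", 0x1800, 1) + tags
    hdr = struct.pack("<I", 8 + len(body))
    return (b"CWS\x0a" + hdr + zlib.compress(body)) if compress else (b"FWS\x0a" + hdr + body)


if __name__ == "__main__":
    print(analyze(build_sample(compress=True)))
```

The container walk is the part SWIFFAS does for FLASHMINGO; the `analyze` step is the shape a plug-in takes: it never touches raw bytes itself, only the already-parsed tags. LZMA-compressed ZWS files are deliberately rejected rather than silently mis-parsed, which is the failure mode to watch for when a sample looks like a Flash file but the walker reports no tags.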
“Even though Flash is set to reach its end of life at the end of 2020 and most of the development community has moved away from it a long time ago, we predict that we’ll see Flash being used as an infection vector for a while.”
FLASHMINGO offers malware analysts a flexible framework for dealing with Flash samples; the tool can be downloaded from FireEye's GitHub repository.