Once upon a time in SOC land, I was handed the keys to a dashboard glowing red with alerts. My mission? Classify malware like a true cyber-detective and prove my worth. Spoiler: it was a ride full of pop-ups, encrypted chaos, and shady processes wearing fake names.
🗂️ Task 1 – Introduction
The story began with a warmup. Malware isn’t just evil software; it’s like a toolbox for chaos: stealing secrets, wrecking systems, or popping ads in your face.
The SOC analyst’s role? Spot it, name it, stop it. Simple enough… until you see “system_update.exe” doing creepy things.
Answer: No answer needed ✅
🧩 Task 2 – Malware Types
I was introduced to the “villains gallery” — each malware type with its own evil personality:
Adware: the annoying cousin who spams pop-ups.
Spyware: the stalker hiding behind the curtains.
Ransomware: the extortionist with a padlock.
Wiper: the psycho who deletes everything.
C2/RAT: the puppet master.
Data Stealer: the kleptomaniac.
Keylogger: the nosy typist watcher.
Cryptominer: the electricity thief.
Q&A:
High CPU, system slow → cryptominer ✅
Files locked + ransom note → ransomware ✅
Browser spams pop-ups → adware ✅
Leaked internal documents → data stealer ✅
🌍 Task 3 – Real-World Examples
This was where the villains got famous names:
Pegasus – the spyware spy of governments.
Akira – ransomware with a double-extortion hobby.
Shamoon – wiper that nuked oil company networks.
Agent Tesla – the sneaky infostealer.
RedLine Stealer – keylogger + data thief hybrid.
QakBot – the RAT that just won’t die.
Q&A:
Logs keystrokes + screenshots → Agent Tesla ✅
Zero-click spyware on phones → Pegasus ✅
Ransomware stealing + leaking → Akira ✅
Nuked Saudi Aramco → Shamoon ✅
💻 Task 4 – Binary vs Script Malware
Here came the hacker’s toolkit showdown:
Binary Malware: solid, heavy, compiled executables (.exe, .bat, etc.) — hard to change but easier to fingerprint.
Script Malware: sneaky, lightweight, written in scripting languages — flexible and easily obfuscated.
We even saw a LummaStealer example dropping payloads straight into memory, avoiding disk like a ninja.
Q&A:
Script malware’s favorite downloader → PowerShell ✅
Another Windows executable extension → .bat ✅
Leaves byte patterns for AV detection → Binaries ✅
🕵️ Task 5 – Practical SOC Analyst Roleplay
Now it got cinematic: I sat in the SOC, alerts pouring in. One by one, I classified them:
ads_service.exe with pop-ups → Adware
system_update.exe stealing clipboard/email data → Spyware
Mass .encrypted files + ransom note → Ransomware
disk_cleaner.exe nuking backups → Wiper
svchost32.exe beaconing to C2 → Trojan (RAT)
docu_manager.exe stealing sensitive files → Data Stealer
DLL injection in winlogon.exe capturing keys → Keylogger
svcupdate.exe hogging CPU for mining → Cryptominer
Flag:THM{Malwar3_****************} ✅
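The same decision rules as a small first-pass triage script, added here as my own example (not code from the room). The behaviour flags, the rule priority order, and the lookalike-name heuristic are assumptions; the sample alerts are constructed to mirror the eight scenarios above.

```python
"""Rule-based first-pass triage for the Task 5 alert types (constructed example)."""
from dataclasses import dataclass, field

@dataclass
class Alert:
    process: str
    behaviours: set = field(default_factory=set)  # what the SOC tooling observed

# (label, behaviours that must all be present). List order is priority, so a
# process that both wipes backups and beacons is labelled Wiper, with the
# other matches kept as supporting context for the analyst.
RULES = [
    ("Wiper",        {"destroys_backups"}),
    ("Ransomware",   {"mass_encryption", "ransom_note"}),
    ("Trojan (RAT)", {"c2_beaconing"}),
    ("Keylogger",    {"captures_keystrokes"}),
    ("Data Stealer", {"exfiltrates_files"}),
    ("Spyware",      {"reads_clipboard"}),
    ("Cryptominer",  {"high_cpu"}),
    ("Adware",       {"pop_ups"}),
]

# Well-known Windows binaries; the near-miss check (assumed heuristic) flags
# names such as svchost32.exe that borrow a legitimate stem.
LEGIT_STEMS = {"svchost", "winlogon", "explorer", "lsass"}

def looks_like_system_binary(name):
    """True when the name extends a real system-binary stem but is not that binary."""
    stem = name.lower().removesuffix(".exe")
    return any(stem != s and stem.startswith(s) for s in LEGIT_STEMS)

def classify(alert):
    """Return (primary label, secondary matches, lookalike-name flag)."""
    matches = [label for label, needed in RULES if needed <= alert.behaviours]
    label = matches[0] if matches else "Unclassified (escalate)"
    return label, matches[1:], looks_like_system_binary(alert.process)

# Constructed alerts mirroring the Task 5 roleplay.
SAMPLE_ALERTS = [
    Alert("ads_service.exe", {"pop_ups"}),
    Alert("system_update.exe", {"reads_clipboard", "reads_email"}),
    Alert("unknown.exe", {"mass_encryption", "ransom_note"}),
    Alert("disk_cleaner.exe", {"destroys_backups"}),
    Alert("svchost32.exe", {"c2_beaconing"}),
    Alert("docu_manager.exe", {"exfiltrates_files"}),
    Alert("winlogon.exe", {"dll_injected", "captures_keystrokes"}),
    Alert("svcupdate.exe", {"high_cpu"}),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a.process, "->", classify(a))
```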
🎯 Task 6 – Conclusion
Mission complete. After 45 minutes of digital detective work, I walked away knowing:
Malware has many faces, from noisy adware to destructive wipers.
Binaries leave fingerprints, scripts morph like shapeshifters.
SOC analysts survive by classifying fast and acting smart.
Answer: No answer needed ✅
🚀 Final Thoughts
This room was like joining CSI: Cyber, but with fewer neon lights and more packet captures. If you want to sharpen your instincts as a SOC analyst, this one’s a must-try.

