My first write up for Joanap malware
Hello all, my name is Mahmoud NourEldin, a student of maltrak.com, which is presented by Eng. Amr Thabet, and I would like to post my first blog about this topic. It is just an exercise from the maltrak course, and I would like to share the analysis with you. Let's start.

What is Joanap Malware?

Joanap is a remote access tool that is a type of malware used by the government of North Korea. It is two-stage malware, meaning it is "dropped" by another piece of software (in this case the Brambul worm, which was part of the charges against Park Jin Hyok in 2018). [1] Joanap establishes peer-to-peer communications and is used to manage botnets that can enable other operations. On compromised Windows devices it allows data exfiltration, dropping and running secondary payloads, initialization of proxy communications, file management, process management, creation/deletion of directories, and node management. [Wikipedia]

Summary:

It drops C:\WINDOWS\system32\scardprv.dll (MD...
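As an added triage example (not part of the original write-up, and not Joanap's own code), the following Python script shows how a defender would check a host for the dropped component named above: it looks for the file at the stated path, computes its MD5 and SHA-256, and compares them against a list of known-bad hashes. The hash values, the `KNOWN_BAD` table, and the function names are assumptions and placeholders; the real indicator values would come from the write-up's IoC list.

```python
import hashlib
import os

# Placeholder IoC table: map a hash (MD5 or SHA-256, lowercase hex) to a label.
# These values are constructed placeholders, NOT real Joanap hashes.
KNOWN_BAD = {
    "00000000000000000000000000000000": "placeholder-md5-scardprv.dll",
}

# Drop location named in the write-up (assumed path, as stated on the page).
DROP_PATHS = [r"C:\WINDOWS\system32\scardprv.dll"]


def hash_file(path, chunk_size=1 << 16):
    """Return (md5, sha256) hex digests of a file, streamed to avoid loading it all."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def triage_path(path, known_bad=KNOWN_BAD):
    """Check one path; return a dict describing what was found.

    status is one of: 'absent', 'match' (hash in known_bad), 'unknown' (present,
    hash not in the IoC table; still worth a closer look given the location).
    """
    if not os.path.isfile(path):
        return {"path": path, "status": "absent"}
    md5, sha256 = hash_file(path)
    label = known_bad.get(md5) or known_bad.get(sha256)
    return {
        "path": path,
        "status": "match" if label else "unknown",
        "md5": md5,
        "sha256": sha256,
        "label": label,
        "size": os.path.getsize(path),
    }


def triage_all(paths=DROP_PATHS, known_bad=KNOWN_BAD):
    """Run triage_path over every candidate drop location."""
    return [triage_path(p, known_bad) for p in paths]


if __name__ == "__main__":
    for result in triage_all():
        print(result)
```

On a live system, run the script with the real hash table filled in; a `match` confirms the known sample, while an `unknown` result at that path should still be pulled for analysis, since a repacked variant will not share the published hash.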