APT28, also known as Sofacy, Fancy Bear, and Pawn Storm, is a notorious Advanced Persistent Threat (APT) group that has been actively operating since at least 2007. APT28 is believed to be a state-sponsored group associated with the Russian government, and has been implicated in several high-profile cyber attacks, including those surrounding the 2016 US Presidential Election. In this blog post, we will conduct a comprehensive analysis of the APT28 malware, exploring its static properties, behavior, and manual code reversing.
Static Properties Analysis
APT28 is known to use a variety of malware tools and techniques, but one of its most commonly used tools is the Sofacy malware. In this section, we will examine the static properties of a sample of the Sofacy malware.
First, we will use a tool such as VirusTotal to obtain information about the file’s hashes, file type, and other basic information. The following table summarizes the results of the VirusTotal analysis:
File name: Sofacy.exe
File size: 366 KB
MD5 hash: 0d3779c6746a7b38f4f4c4aeba55f9cc
SHA-1 hash: 8c7f722467c1b7ec87110edc4a4f0766c0b746df
Next, we will use a tool such as PEview to examine the Portable Executable (PE) header of the file. The PE…
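The two static steps above (recording hashes and file type, then reading the PE header) can be scripted for triage; the following is an added example and not code from the original post. The input buffer is a constructed minimal PE image, not the Sofacy sample, so it runs offline; the field offsets follow the published PE format.

```python
import hashlib
import struct
from typing import Dict

# Constructed sample: a minimal PE-like image (DOS header + PE signature + COFF
# file header). It is NOT the Sofacy binary; it only exercises the parser offline.
SAMPLE_PE = bytearray(0x80 + 4 + 20)
SAMPLE_PE[0:2] = b"MZ"                                   # DOS e_magic
struct.pack_into("<I", SAMPLE_PE, 0x3C, 0x80)            # e_lfanew -> PE header offset
SAMPLE_PE[0x80:0x84] = b"PE\x00\x00"                     # NT signature
# COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (constructed values)
struct.pack_into("<HHIIIHH", SAMPLE_PE, 0x84,
                 0x014C, 4, 0x5A0B2C3D, 0, 0, 0xE0, 0x0102)
SAMPLE_PE = bytes(SAMPLE_PE)

MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}

def file_hashes(data: bytes) -> Dict[str, str]:
    """Return the hashes an analyst records before anything else (the VirusTotal step)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def parse_pe_header(data: bytes) -> Dict[str, object]:
    """Parse the DOS header and COFF file header; raise on anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: bad e_lfanew or missing PE signature")
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsect,
        "timestamp": stamp,                    # compiler-written; easily forged, so treat as a hint
        "is_dll": bool(chars & 0x2000),        # IMAGE_FILE_DLL
        "is_executable_image": bool(chars & 0x0002),  # IMAGE_FILE_EXECUTABLE_IMAGE
        "optional_header_size": opt_size,
    }

def triage(data: bytes) -> Dict[str, object]:
    """Combine both static steps into one report dictionary."""
    report = dict(file_hashes(data))
    report["size"] = len(data)
    report.update(parse_pe_header(data))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PE).items():
        print(f"{key}: {value}")
```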