Exploring GenAI in Cybersecurity: Gemini for Malware Analysis

Oct. 8, 2024, 8:04 a.m.

Tags
cybersecurity
malware analysis
genai
2024-10-07
risepro stealer
decompilation
ai-assisted analysis
ida pro
ghidra
gemini
executable files
2024-10-08
External References
Description

This analysis explores the application of Generative AI, specifically Google's Gemini Advanced, in malware analysis. The experiment focuses on analyzing executable files, particularly a RisePro Stealer sample. The methodology involves decompiling the malware using Ghidra and IDA Pro, then using specific prompts with Gemini to analyze the code. The process aims to determine the file's verdict, understand its behavior, and identify Indicators of Compromise (IOCs). While Gemini proves useful in providing insights and aiding analysis, challenges such as handling large codebases and obfuscated code are noted. The study concludes that Gen AI can be a powerful tool in malware analysis when used in conjunction with traditional reverse engineering tools, but emphasizes the need for human expertise in interpreting results.

Date

Published: Oct. 8, 2024, 7:55 a.m.

Created: Oct. 8, 2024, 7:55 a.m.

Modified: Oct. 8, 2024, 8:04 a.m.

Indicators

b0e194ed54bafa753bda5761c1264b67a5c438ee7a9ed624a83be913f037dcbb

Download all indicators here!

Attack Patterns

RisePro Stealer

T1120

T1064

T1124

T1548

T1115

T1012

T1113

T1005

T1016

T1082

T1057

T1083

T1055

T1134

T1033

T1027

T1112

T1056

T1059