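#!/bin/bash
# Static malware triage module - Grok Edition
# Usage: ./malware_analyzer.sh <file>
#
# Runs a fixed battery of read-only static checks against one sample (file
# type, hashes, strings, entropy, binwalk, YARA, peframe, foremost carving) and
# prints a report to stdout.  Carved artefacts land in a fresh directory under
# the current working directory.
#
# Environment:
#   YARA_RULES   a rule file, or a directory holding *.yar / *.yara files
#                (default: /opt/yara/rules/)
#
# Analyst notes:
#   - Nothing here executes the sample, but every parser the sample is fed to
#     (file, strings, binwalk, peframe, foremost, ...) is attack surface in its
#     own right.  Run this inside a disposable analysis VM, not on a shared or
#     production host.
#   - Tools that are not installed are skipped with a notice instead of
#     silently producing an empty section.

# -u catches typos in variable names; deliberately no -e: a tool choking on a
# hostile sample must not abort the rest of the report.
set -u

readonly YARA_RULES="${YARA_RULES:-/opt/yara/rules/}"

# Print a blank line followed by a section banner.
section() {
  printf '\n%s\n' "$1"
}

# Succeed when the named tool is on PATH; otherwise print a skip notice and fail.
have() {
  if command -v "$1" >/dev/null 2>&1; then
    return 0
  fi
  printf '⏭️ %s tidak terpasang, bagian ini dilewati\n' "$1"
  return 1
}

if [[ $# -ne 1 ]]; then
  echo "❌ Penggunaan: $0 <file>"
  echo "Contoh: $0 /path/to/suspicious.exe"
  exit 1
fi

# Normalise to an absolute path so a sample whose name starts with '-' cannot
# be parsed as an option by tools that do not honour '--' (ssdeep, ent, yara,
# peframe, foremost).  readlink -f is GNU; fall back to the raw argument.
MALWARE="$(readlink -f -- "$1" 2>/dev/null)" || MALWARE="$1"
if [[ ! -f "$MALWARE" ]]; then
  echo "❌ File tidak ditemukan: $MALWARE"
  exit 1
fi
sample_name="$(basename -- "$MALWARE")"

echo "🔍 === MULAI ANALISIS MALWARE: $sample_name ==="
echo "📅 Tanggal: $(date)"
echo "================================================================"

# 1. BASIC INFO
section "📋 === INFO DASAR ==="
file -- "$MALWARE"
ls -la -- "$MALWARE"
echo "Ukuran: $(du -h -- "$MALWARE" | cut -f1)"

# 2. HASHES
section "🔑 === HASHES (untuk VirusTotal) ==="
md5sum -- "$MALWARE" | cut -d' ' -f1
sha256sum -- "$MALWARE" | cut -d' ' -f1
if have ssdeep; then
  ssdeep "$MALWARE"
fi

# 3. STRINGS
section "🔤 === STRINGS (20 pertama) ==="
# -a scans the whole file byte-for-byte instead of letting libbfd parse the
# object headers first: output is complete for packed or malformed samples and
# the hostile file never reaches the object-format parser (older binutils had
# memory-safety bugs on that path).
strings -a -- "$MALWARE" | head -20
echo "... (Lihat semua: strings -a $MALWARE | less)"

# 4. ENTROPY
section "📊 === ENTROPY (High = Packed/Encrypted) ==="
if have ent; then
  # Run ent once and reuse the report.  ent prints the value as
  # "Entropy = 7.98 bits per byte." (no colon), so match on the word only;
  # $3 is the number in that layout — verify against the installed ent if the
  # line comes out empty.
  ent_report="$(ent "$MALWARE" 2>/dev/null)"
  grep '^Entropy' <<<"$ent_report"
  echo "Rata-rata entropy: $(awk '/^Entropy/ {print $3}' <<<"$ent_report")"
fi

# 5. BINWALK (embedded files)
section "📦 === BINWALK SCAN ==="
if have binwalk; then
  # Plain invocation = signature scan, the default in every binwalk release;
  # the old '--text' flag is not a documented option — confirm before restoring it.
  binwalk "$MALWARE" 2>/dev/null | head -15
fi

# 6. YARA SCAN
section "🎯 === YARA SCAN ==="
if have yara; then
  # yara takes rule *files* on the command line; a rules directory has to be
  # expanded into its files or yara fails to compile "the directory".
  rule_files=()
  if [[ -d "$YARA_RULES" ]]; then
    for rule in "$YARA_RULES"/*.yar "$YARA_RULES"/*.yara; do
      [[ -f "$rule" ]] && rule_files+=("$rule")
    done
  elif [[ -f "$YARA_RULES" ]]; then
    rule_files=("$YARA_RULES")
  fi
  if (( ${#rule_files[@]} == 0 )); then
    echo "❌ Rules YARA tidak ditemukan: $YARA_RULES"
  else
    # yara exits 0 with empty output when nothing matches, so "no match" has to
    # be detected from the output rather than from the exit status.
    matches="$(yara "${rule_files[@]}" "$MALWARE" 2>/dev/null)"
    if [[ -n "$matches" ]]; then
      printf '%s\n' "$matches"
    else
      echo "❌ Tidak ada match atau rules kosong"
    fi
  fi
fi

# 7. PE ANALYSIS (Windows executables only)
section "🏁 === PE ANALYSIS (PEFRAME) ==="
if have peframe; then
  # Capture first, then truncate: in 'peframe | head || echo' the fallback
  # reacted to head's exit status, never to peframe's.
  if pe_report="$(peframe "$MALWARE" 2>/dev/null)"; then
    head -30 <<<"$pe_report"
  else
    echo "⏭️ Bukan PE file atau peframe error"
  fi
fi

# 8. FOREMOST (carve embedded files)
section "🗡️ === FOREMOST CARVE (Ekstrak Files) ==="
if have foremost; then
  # Fresh, unique output directory per run: foremost refuses a non-empty
  # output directory (the fixed 'carved/' therefore failed on every rerun,
  # silently, because stderr was discarded), and a predictable name in a
  # shared working directory is an easy target for a planted symlink.
  carve_dir="$(mktemp -d "carved.${sample_name}.XXXXXX")" || carve_dir=""
  if [[ -n "$carve_dir" ]] && foremost -t all -i "$MALWARE" -o "$carve_dir" 2>/dev/null; then
    ls -la -- "$carve_dir"
  else
    echo "Tidak ada file dicarve"
  fi
fi

echo ""
echo "✅ === ANALISIS SELESAI! ==="
echo "💡 Tips Lanjut:"
echo " - Upload hash ke VirusTotal.com"
echo " - Dynamic: Gunakan Cuckoo Sandbox (sudo apt install cuckoo)"
echo " - Memory: Volatility3 (sudo apt install volatility3)"
echo " - GUI: Cutter/Radare2 (sudo apt install cutter)"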