This analysis explores the application of Generative AI specifically Googles Gemini Advanced in
malware analysis.
The experiment focuses on analyzing executable files particularly a RisePro Stealer sample.
The methodology involves decompiling the malware using Ghidra and IDA Pro then using
specific prompts with Gemini to analyze the code.
The process aims to determine the files verdict understand its behavior and identify Indicators
of Compromise (IOCs).
While Gemini proves useful in providing insights and aiding analysis challenges such as
handling large codebases and obfuscated code are noted.
The study concludes that Gen AI can be a powerful tool in malware analysis when used in
conjunction with traditional reverse engineering tools but emphasizes the need for human
expertise in interpreting results.
GLESEC INFORMATION SHARING PROTOCOL
GLESEC CYBER SECURITY FLASH REPORTS are in compliance with the U.S. Department of Homeland
Security (DHS) Traffic-Light Protocol (TLP): TLP-White (Disclosure is Not Limited), TLP-Green (Limited
Disclosure, Restricted Only to the Community), TLP-Amber (Limited Disclosure, restricted to the
Participant’s Organization), and TLP-Red (Not for Disclosure, Restricted/ Classified – Only Shared with US
DHS).
SkyWatchSM Alert Legend
Warning
Active Threat
Malware
Ransomware
Phishing
Network/IOT
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
TLP-White
Disclosure is Not Limited.
TLP-Green
Limited Disclosure, Restricted Only to the Community.
TLP-Amber
Limited Disclosure, restricted to the Participant's Organization.
TLP-Red
Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.
Discover Glesec.
Authority. Consistency.
Sign-up today for SkywatchSM Alerts.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.