This session offers a practical dive into the world of real-world malware analysis, focusing on active samples discovered across Indonesia and Vietnam, with ongoing efforts to source additional threats from Thailand. By examining malware that’s actively circulating in Southeast Asia, we aim to expose the evolving techniques used by threat actors in this region and demonstrate how local context informs malware design, deployment, and defense evasion strategies.
We begin with an overview of how malware is proliferating in the SEA region, touching on common vectors of infection, targeted platforms, and socio-economic conditions that make certain countries frequent testing grounds for new threats. The talk will introduce a curated set of tools and workflows used in analyzing such malware—from initial triage to in-depth behavioral analysis.
A core focus of the talk is on malware runtime protection—specifically, the defensive layers malware authors employ to evade analysis, such as obfuscation, packing, anti-debugging, and sandbox detection. Attendees will learn how to systematically unpack and bypass these protections to reach the underlying payload, and how to perform dynamic and static analysis post-unpacking.
The session includes real-world examples and hands-on demonstrations, showing step-by-step unpacking and behavior tracing of several Southeast Asian malware samples. By the end of the talk, participants will have a clear understanding of the tools, methodologies, and challenges involved in analyzing modern, runtime-protected malware—and will leave with a stronger skill set to apply these techniques in their own investigations.
