Genetic Malware Analysis for Golang

Intezer

Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and classify malware written in Go, within seconds!

Why is this Important?
Golang, also known as Go, is Google's open-source programming language, which has become popular among developers on both Windows and Linux. Well-known open-source projects such as Kubernetes and Docker are written in Go, and adversaries have adopted the same language to develop malware.

Golang malware may still be in its infancy, but according to Palo Alto Networks we can expect Go-compiled malware to account for a much larger share of newly developed malware in the years to come.

Furthermore, with the rapid growth of cloud infrastructure in recent years, and Linux becoming the predominant choice for cloud computing, Go malware could become a greater threat to enterprise cloud security.

Below are the Intezer Analyze features which are currently available for Golang:

    • Code reuse
    • View related samples
    • View the assembly code
    • Create vaccinations (code-based YARA rules) for proactive threat hunting (available in our enterprise edition)
    • IDA Pro plugin (available in our enterprise edition)

HTRAN Case Study
One advantage of genetically analyzing files written in Golang is the ability to identify code connections between Windows and Linux executables, since the same Go source is routinely compiled for both platforms. The recent discovery of ACBackdoor shows that cross-platform malware targeting both operating systems already exists.

HTRAN is a connection-bouncing tool used by adversaries to conceal the true origin of their connections when interacting with victim networks. Below, Intezer Analyze has detected Linux and Windows variants of HTRAN that share code with each other:

  • Genetic Analysis of Linux (ELF) Variant
    This HTRAN Linux instance currently has 0 detections in VirusTotal. Clicking apt_golang_htran under the code reuse section shows related samples, including the Windows variant (which has only one detection in VirusTotal).
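The cross-platform code connection described above can be checked by hand, because the Go linker embeds every function's name in the binary's pclntab and that table survives stripping. The following program is an added example written for this page, not Intezer's code or part of HTRAN: it reads the `.gopclntab` section of two Go ELF binaries with the standard library's `debug/gosym`, discards standard-library symbols (whose first import-path element never contains a dot), and reports the shared project functions with a Jaccard score. It assumes Linux ELF inputs; a Windows PE Go binary has no named pclntab section, so locating it there requires the `runtime.pclntab` COFF symbol (absent once stripped) or a scan for the pclntab magic, which this example does not implement.

```go
package main

import (
	"debug/elf"
	"debug/gosym"
	"fmt"
	"os"
	"sort"
	"strings"
)

// goFuncNames returns every Go function symbol recorded in the binary's
// .gopclntab section. The section is emitted by the Go linker and is kept
// by `strip`, so this works on stripped samples too.
func goFuncNames(path string) ([]string, error) {
	f, err := elf.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	pcln, text := f.Section(".gopclntab"), f.Section(".text")
	if pcln == nil || text == nil {
		return nil, fmt.Errorf("%s: not a Go ELF binary (no .gopclntab)", path)
	}
	data, err := pcln.Data()
	if err != nil {
		return nil, err
	}
	// .gosymtab is empty in modern Go; gosym accepts an empty symtab and
	// recovers function names from the line table alone.
	var symtab []byte
	if s := f.Section(".gosymtab"); s != nil {
		symtab, _ = s.Data()
	}
	tab, err := gosym.NewTable(symtab, gosym.NewLineTable(data, text.Addr))
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(tab.Funcs))
	for _, fn := range tab.Funcs {
		names = append(names, fn.Name)
	}
	return names, nil
}

// isProjectFunc reports whether a symbol belongs to the program's own code
// (package main or a dotted import path such as github.com/...) rather than
// the standard library, whose first path element has no dot.
func isProjectFunc(name string) bool {
	if strings.HasPrefix(name, "main.") {
		return true
	}
	first := name
	if i := strings.Index(name, "/"); i >= 0 {
		first = name[:i]
	} else if i := strings.Index(name, "."); i >= 0 {
		first = name[:i]
	}
	return strings.Contains(first, ".")
}

// projectFuncs reduces a symbol list to the set of non-stdlib functions.
func projectFuncs(names []string) map[string]struct{} {
	set := make(map[string]struct{})
	for _, n := range names {
		if isProjectFunc(n) {
			set[n] = struct{}{}
		}
	}
	return set
}

// jaccard returns the sorted shared names and |A∩B| / |A∪B|.
func jaccard(a, b map[string]struct{}) ([]string, float64) {
	shared := []string{}
	for n := range a {
		if _, ok := b[n]; ok {
			shared = append(shared, n)
		}
	}
	sort.Strings(shared)
	union := len(a) + len(b) - len(shared)
	if union == 0 {
		return shared, 0
	}
	return shared, float64(len(shared)) / float64(union)
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: gofuncdiff <go-elf-a> <go-elf-b>")
		os.Exit(2)
	}
	sets := make([]map[string]struct{}, 2)
	for i, p := range os.Args[1:] {
		names, err := goFuncNames(p)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		sets[i] = projectFuncs(names)
		fmt.Printf("%s: %d Go functions, %d outside the standard library\n", p, len(names), len(sets[i]))
	}
	shared, score := jaccard(sets[0], sets[1])
	fmt.Printf("shared project functions: %d (Jaccard %.2f)\n", len(shared), score)
	for _, n := range shared {
		fmt.Println("  ", n)
	}
}
```

Two unrelated Go programs still share every `runtime.*` and `net.*` symbol, which is why the standard-library filter matters: a high score on the filtered set is the signal worth pivoting on, and the shared `main.*` names are exactly the kind of artifact a code-based YARA rule can be written against.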

Intezer Analyze Community
Intezer Analyze supports Genetic Malware Analysis for Windows and Linux executables, as well as Android APK files. If you're not yet an Intezer Analyze community user, we encourage you to sign up for free at analyze.intezer.com. Community users can upload up to 10 files and scan one endpoint per day in order to:

    • Detect code similarities to known malware, legitimate applications, libraries, and more
    • Detect advanced in-memory threats such as malicious code injection, packed malware, and fileless malware
    • Obtain insights about malware families and threat actors
    • Receive monthly updates about new features, research, webinars, and more
