FireEye has released an Open Source tool to automate the analysis of SWF files in Flash. It’s called FLASHMINGO and it enables analysts to triage suspicious Flash samples and investigate them further with minimal effort. It can be both integrated into various analysis workflows as a stand-alone application or can be used as a powerful library.
Even though Flash is set to reach its end of life at the end of 2020 and most of the development community has moved away from it a long time ago, from FireEye they predict that “we’ll see Flash being used as an infection vector for a while. Legacy technologies are juicy targets for attackers due to the lack of security updates”, says Carlos Garcia Prado in a blog post published in FireEye website.
FLASHMINGO provides malware analysts a flexible framework to quickly deal with pesky Flash samples without getting bogged down in the intricacies of the execution environment and file format.
“FLASHMINGO is a collection of plug-ins that operate on the SWFObject and extract interesting information. Users can easily extend the tool's functionality via custom Python plug-ins”, explains Prado.
Several useful plug-ins covering a wide range of common analysis are already included with FLASHMINGO:
Find suspicious method names.
Find suspicious constants.
Find suspicious loops.
Retrieve all embedded binary data.
This tool can be downloaded from the FireEye public GitHub Repository.
For more details see the source article here.