malware-analyst

This document is a defensive malware-analysis playbook intended to guide safe, authorized triage and investigation of a provided binary. It contains standard static/dynamic analysis steps, tooling recommendations, IOCs to extract, and reporting templates. The primary security concern is operational: executing malicious samples and uploading artifacts to external services can leak sensitive data if done without strict isolation, governance, or authorization. No hardcoded credentials, direct exfiltration code, C2 indicators, or obfuscated payloads are present in the document itself. Recommend enforcing VM/network isolation, documented approval for external uploads, and retention/redaction policies for sensitive samples.