# Malware Lab Setup
Malware analysis & Reverse engineering
## Requirements
- Hypervisor
  - VirtualBox
- Virtual Machines
  - Windows VM: Flare VM
  - Linux VM: REMnux
## Download Links

## Hypervisor Installation
- Download and install VirtualBox from the download links.
## Setting up the Windows VM
- Download Windows 10 and extract the zipped file.
- Create a new virtual machine and start the VM.
- Take a snapshot, then install Flare VM.
- After the installation, take another snapshot.
## Setting up the REMnux VM
- Extract and launch the REMnux VM distribution.
- Start the REMnux VM, then take a snapshot.
## Hypervisor Network Configuration
- Make sure no virtual machine is running.
- Click the `Tools` drop-down menu, then choose `Network` > `Create`. The new virtual adapter will most likely be Adapter 2.
- Enable `DHCP Server` on the new adapter.
- Configure the adapter manually and change its IP address.
## VM Network Configuration
- Open VM Settings for both the Windows and the REMnux VM.
- Disable the other adapters.
- Change their `Network` settings to:
  - Attached to: Host-Only Adapter
  - Name: VirtualBox Host-Only Ethernet Adapter #2 (select the new adapter under Name)
- Start both VMs, check their IP addresses, and `ping` 8.8.8.8, google.com, and the other VM to test the network. With only a host-only adapter the VMs have no route to the internet, so the pings to 8.8.8.8 and google.com confirm that traffic stays inside the lab, while the VM-to-VM ping confirms the two machines can reach each other.
## REMnux VM
- Open a terminal and run `sudo nano /etc/inetsim/inetsim.conf` to edit the INetSim config file (the fake network services).
- Remove the leading `#` and make changes to the following directives. The DNS default IP is the REMnux IP address:

```
start_service dns
service_bind_address 0.0.0.0   # 0.0.0.0 binds all interfaces
dns_default_ip 10.0.0.4
```
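As an added check (example code, not from the page; the parser and the sample config are constructed here, only the REMnux address 10.0.0.4 comes from the page), a small Python audit that confirms the three INetSim directives above are uncommented and set for the lab:

```python
"""Audit an INetSim config for the three settings the lab DNS setup depends on.

Added example, not part of the original page. The sample config below is
constructed; the REMnux IP 10.0.0.4 matches the page.
"""

# Constructed sample of the relevant lines of /etc/inetsim/inetsim.conf
# after editing (INetSim treats lines starting with '#' as comments).
SAMPLE_CONF = """\
# Services to start
start_service dns
#start_service http
service_bind_address 0.0.0.0
#dns_default_ip 10.10.10.1
dns_default_ip 10.0.0.4
"""

def parse_inetsim_conf(text):
    """Return {directive: [values]} for uncommented, non-blank lines only."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key, []).append(value.strip())
    return settings

def audit_inetsim_conf(text, remnux_ip):
    """Return a list of problems; an empty list means the lab DNS config is right."""
    s = parse_inetsim_conf(text)
    problems = []
    if "dns" not in s.get("start_service", []):
        problems.append("dns service not started: 'start_service dns' is missing or commented")
    bind = s.get("service_bind_address", [])
    if not bind or bind[-1] not in ("0.0.0.0", remnux_ip):
        problems.append(f"service_bind_address must be 0.0.0.0 or {remnux_ip}, got {bind}")
    default_ip = s.get("dns_default_ip", [])
    if not default_ip or default_ip[-1] != remnux_ip:
        problems.append(f"dns_default_ip must be the REMnux IP {remnux_ip}, got {default_ip}")
    return problems

if __name__ == "__main__":
    import sys
    # Pass the real config path as the first argument on REMnux; otherwise audit the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line in audit_inetsim_conf(text, "10.0.0.4") or ["OK: INetSim DNS config matches the lab"]:
        print(line)
```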
## Windows VM
- Open Network Settings, right-click the `Ethernet` adapter, then click `Properties`.
- Click `Internet Protocol Version 4 (IPv4)`, then `Properties`.
- Select `Use the following DNS server addresses`, then add the REMnux IP address.
## Toolkit
### Basic Static Analysis
- File hashes
- VirusTotal
- FLOSS
- PEStudio
- PEView
### Basic Dynamic Analysis
- Wireshark
- INetSim
- Netcat
- TCPView
- Procmon
### Advanced Static Analysis
Decompilers and disassemblers:
- IDA Pro
- Ghidra
- OllyDbg
- Cutter
### Advanced Dynamic Analysis
Debuggers:
- flareqdb
- scdbg
- windbgx64
- windbgx86
- x32dbg
- x64dbg