In the previous blog, we have got a basic idea about Malware like what is malware, its behavior, types, and a brief introduction to Malware Analysis. In this section, we will be setting up the testing lab for dynamic and static analysis. So, let us begin with setting up the environment and labs.
To exercise the functionality of malware, we need to simulate the network services. The risk associated with this would be spamming, denial-of-service attacks. The first thing you can take into consideration is not using the main computer or host operating system. The primary functionality of the malware would be relying on the internet. So, it will check whether the host has an internet connection. The modern piece of malware comes with anti-analysis features.
Sandbox environment is an isolated virtual machine that can be used to execute malicious code or malware without affecting the actual host. It decreases the risk of infecting the host OS from malware.
To carry out dynamic analysis of malware, we need a sandbox environment or any isolated operating system. Sandboxing helps us to carry out dynamic analysis and helps us to protect our system from malware.
There are few sandboxes that are freely available over the internet. Some of them are mentioned below:
Any.run is an online sandbox used for malware analysis. Here you can execute the suspicious executable or URL, in which you can check the real-time execution and behavior of any malware or suspicious programs. You can navigate to the URL https://any.run/ and register yourself for free and get hands-on experience.
*
Virus Total is an online service that can further analyze the files and URLs for detection of any Virus, Trojans, Worms, or any other malicious files. It is a kind of antivirus engine and scanner used to detect viruses.
These are the freely available tools over the internet which can be used for analysis. In Static Analysis, we get the basic idea of the malicious file or what kind of code/data it has.
To get a further detailed description or the behavior of the actual malicious file, we need to conduct the Dynamic Malware Analysis. For further analysis, we will need to have Virtual Environment/Sandbox.
Let us get an overview of how to set up a virtual environment. You can download any virtual OS for windows like 7, 8, 10.
The following are the prerequisites for setting up a Virtual Environment/Sandbox:
You can download OS and Virtual Box from the link provided in the description:
Points to be taken care of before initiating the process:
For example: Host OS can be Linux distribution or Mac OS
Observing the above-mentioned points, it’s recommended to set up a virtual environment accordingly.
Let us get the actual scenario of setting up this environment:
Step 1: Import Virtual OS
After importing any virtual OS we need to configure the virtual environment. For any malware analysis, we need to create an isolated environment. In the actual scenario, we will be executing the malicious code, as this process requires the actual isolated system. So below configurations are required to create an isolated system. While performing the analysis external drives[HDD, Pen drive]should not be attached or connected.
Step 2: Configuring the OS
After configuring the virtual environment, we require the analysis tools to analyze the malicious file. There are freely available tools that can be downloaded and used to examine the same. But it will take a long process of downloading all the tools one by one. Flare VM has pre-build tools for malware analysis which will save time for downloading the tools. Flare VM has a combined package of all required tools for analysis. Let us move to a further step for downloading Flare VM.
Step 3: Downloading & Installing Flare VM:
To download the Flare VM you can get the GitHub link and download the files from the following references. You can follow up on this reference and download the VM and install it.
https://github.com/fireeye/flare-vm
After installing the Flare VM, it should look like this. As it has a combined package of required tools.
That is all you would need to set up. In the last and final part of the blog for Malware Analysis, we will understand the practical in-depth approach towards the analysis.
Author,
Vijay Damor
Attack & Pentest Team
Varutra Consulting Pvt. Ltd.
Introduction In an increasingly interconnected world, the financial industry is becoming more vulnerable to cyber…
Introduction In today's interconnected world, where smartphones are an extension of our lives, ensuring the…
Introduction Unseen and unpredictable, zero-day threats loom as a constant menace to modern businesses. Detecting…
Android penetration testing is a crucial aspect of ensuring the security of Android applications and…
In today's interconnected world, where cybersecurity is of paramount importance, password security plays a crucial…
Introduction to Web & Mobile Application Security Assessment Web and Mobile applications have become an…
View Comments
Very nice write-up. I certainly love this website.
Keep it up!
Thank you :)