
Lab setup for Malware Analysis 🪲🔬


Basic Architecture

```mermaid
graph TD

subgraph VirtualBox
  subgraph "Windows 7 Machine"
    subgraph "Flare VM"
      malware-analysis-tools
    end
  end
  subgraph "Ubuntu 20.04.3 LTS Machine"
    subgraph "Or Remnux"
    end
  end
end
```

```mermaid
graph TD
  A[Malware Analysis Tools] --> B[IDA Pro]
  A --> C[Ghidra]
  A --> D[OllyDbg]
  A --> E[x64dbg]
  A --> F[Procmon]
  A --> G[Wireshark]
  A --> H[Volatility]
  A --> I[CAPE Sandbox]
  A --> J[Cuckoo Sandbox]
  A --> K[YARA]
  A --> L[PEStudio]
  A --> M[Sysinternals Suite]

  style A fill:#009688,stroke:#00695C,stroke-width:2px,color:#FFFFFF,font-weight:bold;
  style B fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style C fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style D fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style E fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style F fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style G fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style H fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style I fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style J fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style K fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style L fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style M fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
```




1 Install VirtualBox 📦

VirtualBox is essential for a malware analysis lab: it creates isolated virtual environments in which potentially harmful samples can be executed safely, and a VM can be rolled back to a clean snapshot after every run.

Click here to download VirtualBox



2 Install the Operating System

Now that you have installed your virtualization software, you need to create a VM in which to run the malware and install all the tools you need.

I will install a Windows 7 32-bit machine.

Windows 7 Home Premium SP1 (32-Bit)

Note: the installation can be very slow; be patient.




  1. Open VirtualBox and click New.
  2. Select Windows 7 (32-bit) and give your VM a name.
  3. Select the amount of RAM you want to give it. I suggest 2500 MB of RAM.
  4. For the next screens, leave the default settings.
  5. Choose the size of the virtual hard disk for the VM. I suggest 40 GB.

Perfect! You have created your virtual machine.

3 Crucial things to do after Windows 7 installation

Take a snapshot of the machine after these settings as a Baseline.
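The VM creation steps above and the Baseline snapshot (and the FlareVM snapshot taken later in this post), driven from the VirtualBox command line on the host. This is an added example, not code from the original post or from VirtualBox; it assumes VBoxManage is on PATH, and the VM name, ISO path and internal network name "malnet" are placeholders. It goes one step beyond the post's clicks: before any snapshot it checks that the VM has no NAT or bridged adapter and that clipboard and drag-and-drop are off, so a sample cannot reach the host. Option spellings follow the VirtualBox 6.1 CLI.

```powershell
# Added example (not from the original post or from VirtualBox): build the Windows 7 32-bit
# analysis VM with the sizes suggested above, keep it isolated, and take named snapshots.
# Assumptions: VBoxManage on PATH; VM name, ISO path and "malnet" are placeholders.
$VmName  = "Win7-MalwareLab"
$IsoPath = "C:\ISOs\Windows7_HomePremium_SP1_x86.iso"     # placeholder path to the installer ISO
$DiskDir = Join-Path $env:USERPROFILE "VirtualBox VMs\$VmName"
$Disk    = Join-Path $DiskDir "$VmName.vdi"

# Run VBoxManage and stop at the first failing command instead of silently continuing.
function Invoke-VBoxManage {
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$VBoxArgs)
    & VBoxManage @VBoxArgs
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($VBoxArgs -join ' ') failed with exit code $LASTEXITCODE" }
}

function New-AnalysisVm {
    # Steps 1-2: register a new VM with the 32-bit Windows 7 OS type.
    Invoke-VBoxManage createvm --name $VmName --ostype Windows7 --register
    # Step 3: 2500 MB of RAM as suggested above.
    Invoke-VBoxManage modifyvm $VmName --memory 2500 --vram 32 --cpus 2
    # Isolation: no NAT/bridged NIC. "intnet" is a VirtualBox-internal network shared only with
    # other VMs that join it (the REMnux/Ubuntu machine from the architecture diagram).
    Invoke-VBoxManage modifyvm $VmName --nic1 intnet --intnet1 "malnet"
    # Disable host<->guest clipboard and drag-and-drop so nothing leaks out of the sandbox.
    Invoke-VBoxManage modifyvm $VmName --clipboard-mode disabled --draganddrop disabled
    # Step 5: a 40 GB virtual disk (VBoxManage takes the size in MB).
    New-Item -ItemType Directory -Force -Path $DiskDir | Out-Null
    Invoke-VBoxManage createmedium disk --filename $Disk --size 40960 --format VDI
    Invoke-VBoxManage storagectl $VmName --name "SATA" --add sata --controller IntelAhci --portcount 2
    Invoke-VBoxManage storageattach $VmName --storagectl "SATA" --port 0 --device 0 --type hdd --medium $Disk
    # Attach the installer ISO and boot from it first.
    Invoke-VBoxManage storageattach $VmName --storagectl "SATA" --port 1 --device 0 --type dvddrive --medium $IsoPath
    Invoke-VBoxManage modifyvm $VmName --boot1 dvd --boot2 disk --boot3 none --boot4 none
}

# Read the machine-readable VM configuration (key="value" lines) into a hashtable.
function Get-VmSettings {
    $settings = @{}
    foreach ($line in (& VBoxManage showvminfo $VmName --machinereadable)) {
        if ($line -match '^([^=]+)=(.*)$') { $settings[$Matches[1]] = $Matches[2].Trim('"') }
    }
    return $settings
}

# Check that the VM is still isolated: no NAT/bridged adapter, no clipboard, no drag-and-drop.
function Test-VmIsolated {
    $s  = Get-VmSettings
    $ok = ($s['nic1'] -in @('intnet', 'hostonly', 'none')) -and
          ($s['clipboard'] -eq 'disabled') -and ($s['draganddrop'] -eq 'disabled')
    if (-not $ok) {
        Write-Warning "VM $VmName is not isolated: nic1=$($s['nic1']) clipboard=$($s['clipboard']) draganddrop=$($s['draganddrop'])"
    }
    return $ok
}

# Take a named snapshot: "Baseline" after the Windows settings above, "FlareVM" after the install.
function Save-LabSnapshot {
    param([Parameter(Mandatory)][string]$Name, [string]$Description = "")
    if (-not (Test-VmIsolated)) { throw "Refusing to snapshot a VM that is not isolated" }
    Invoke-VBoxManage snapshot $VmName take $Name --description $Description
}

# Usage, one call at each point where the post says to:
# New-AnalysisVm                      # then install Windows 7 from the ISO in the VirtualBox GUI
# Save-LabSnapshot -Name "Baseline" -Description "Clean Windows 7 before Flare VM"
# Save-LabSnapshot -Name "FlareVM"  -Description "Flare VM installed"
```

Restoring a snapshot later is `VBoxManage snapshot $VmName restore "FlareVM"` with the VM powered off; running `Test-VmIsolated` before each analysis session catches the case where someone switched the adapter to NAT to fetch a tool and forgot to switch it back.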



4 Flare VM Installation

Go to the repo https://github.com/mandiant/flare-vm and download install.ps1 into the Windows VM.

Open the folder where you saved install.ps1, open PowerShell as an administrator, and unblock the installation script by running:

```powershell
Unblock-File .\install.ps1
```

Enable script execution by running:

```powershell
Set-ExecutionPolicy Unrestricted
```

One final command begins the Flare VM installation process:

```powershell
.\install.ps1
```

To use the CLI-only mode with minimal user interaction:

```powershell
.\install.ps1 -password <password> -noWait -noGui -noCheck
```

Now sit back and relax for 3 hours! 🤯

If the installation prompts for anything, press y and hit Enter. It will take almost 3 hours.
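The four install steps above wrapped in one script that runs inside the Windows VM, as an added example that is not code from the original post or from the flare-vm project. It assumes install.ps1 has already been downloaded into the current folder; the script name Install-FlareVm.ps1 and the transcript path are placeholders. What it adds to the bare commands: a refusal to run without an elevated shell, a check that the file exists, a SHA-256 of the install.ps1 actually executed, and a transcript of the whole run so a failure can be diagnosed after restoring the Baseline snapshot.

```powershell
# Added example (not from the original post or the flare-vm project): the Flare VM install steps
# with the checks an analyst wants before a 3-hour unattended run.
# Assumptions: install.ps1 is in the current folder; the transcript path is a placeholder.
param(
    [string]$ScriptPath = ".\install.ps1",
    [switch]$Cli,                                   # CLI-only mode (-noWait -noGui -noCheck) from the post
    [string]$TranscriptPath = "$env:USERPROFILE\Desktop\flarevm-install-transcript.txt"
)

# install.ps1 needs an administrator shell; fail early rather than halfway through.
function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsAdministrator)) { throw "Open PowerShell as an administrator and run this again." }
if (-not (Test-Path -Path $ScriptPath)) { throw "install.ps1 was not found at $ScriptPath" }

# Keep a record of the whole run so failures can be diagnosed after a snapshot restore.
Start-Transcript -Path $TranscriptPath -Append | Out-Null
try {
    # Record which install.ps1 was actually run (compare with the copy in the repo if in doubt).
    $hash = Get-FileHash -Path $ScriptPath -Algorithm SHA256
    Write-Host "install.ps1 SHA256: $($hash.Hash)"

    # Step 1: remove the mark-of-the-web that blocks downloaded scripts.
    Unblock-File -Path $ScriptPath

    # Step 2: allow script execution. This is the setting the post and flare-vm require; it is
    # acceptable only because this VM is disposable and will be restored from a snapshot.
    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force
    Write-Host "Execution policy now: $(Get-ExecutionPolicy)"

    # Steps 3/4: launch the installer, interactively or in CLI-only mode.
    if ($Cli) {
        # Prompt for the password instead of leaving it in shell history or the transcript.
        $secure = Read-Host -Prompt "Password of the current Windows user (for -password)" -AsSecureString
        $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
        try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
        finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
        & $ScriptPath -password $plain -noWait -noGui -noCheck
    } else {
        & $ScriptPath
    }
}
finally {
    Stop-Transcript | Out-Null
}
```

Because the execution policy is still Restricted when this wrapper starts, launch it with the policy overridden for that one process: `powershell.exe -ExecutionPolicy Bypass -File .\Install-FlareVm.ps1` (add `-Cli` for the unattended mode). The transcript stops when Flare VM reboots the machine, so expect it to cover only the first phase of the install.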



Take a snapshot of the machine after the installation as FlareVM, so that if anything happens to the machine during future analysis you can easily restore its state!





Tools

  1. PeStudio
  2. Process Hacker
  3. Process Monitor (ProcMon)
  4. ProcDot
  5. Autoruns
  6. Fiddler
  7. Wireshark
  8. x64dbg
  9. Ghidra
  10. Radare2/Cutter
  11. Cuckoo Sandbox

Learn in detail how to set up the lab here!

This post is licensed under CC BY 4.0 by the author.
