Practical Malware Analysis & Triage Intro

To begin working through the PMAT course by Husky Hacks, I implemented the following and documented a small guide for building a malware analysis home lab. This setup lets us safely handle and analyze malware.

  1. Download VirtualBox. At key points you will need to take snapshots that you can revert to.
  2. Download Windows 10. The evaluation ISO will work for our purposes.
  3. Set up the Windows 10 VM and install FLARE VM (video guide). This lets us easily set up and maintain a reverse-engineering environment on the Windows 10 VM. Once it is installed, take a snapshot and label it as pre-detonation.
  4. Download REMnux (download the OVA file for VirtualBox; see the additional documentation). This VM lets us analyze and reverse-engineer malware.
  5. Configure the VMs for the analysis network. I opted for the Internal Network configuration, as it is the safest option when handling malware, as opposed to Host-only, where you are relying on your host's firewall.
  6. Next, set up INetSim or FakeNet on the REMnux VM. This simulates the internet for the home lab and lets us observe the network behavior of the malware we detonate on the FLARE VM.

Use a ping test to confirm that the FLARE VM can only communicate with the REMnux VM; once that is verified, you can detonate your first malware sample.
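As an added example (not part of the PMAT course or this post), the two isolation checks the ping test is standing in for, scripted for the REMnux side: no route leaves the internal network, and INetSim answers every DNS query with its own address so lookups never escape the lab. It assumes REMnux sits at 10.0.0.3 on an internal network 10.0.0.0/24 and that INetSim's dns_default_ip is set to that address; adjust both to your lab.

```shell
#!/bin/sh
# Added example, not from the post: isolation sanity checks run on REMnux.
# Assumed values (not from the post): internal network 10.0.0.0/24,
# REMnux/INetSim at 10.0.0.3 with dns_default_ip 10.0.0.3.
LAB_PREFIX="10.0.0."
REMNUX_IP="10.0.0.3"

# routes_isolated ROUTES: succeeds only if the routing-table text in $1
# (output of `ip route`) has no default route and every route stays inside
# LAB_PREFIX. Any other route is a path off the internal network.
routes_isolated() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -z "$line" ] && continue
        case "$line" in
            default*|0.0.0.0*) echo "leak: default route present: $line"; exit 1 ;;
            "$LAB_PREFIX"*) ;;
            *) echo "leak: route outside lab subnet: $line"; exit 1 ;;
        esac
    done
}

# dns_sinkholed ANSWER: succeeds only if every address in $1 (output of
# `dig +short <any-real-domain>`) is REMnux itself, i.e. INetSim is the
# resolver and the query was sinkholed rather than forwarded anywhere.
dns_sinkholed() {
    [ -n "$1" ] || { echo "no DNS answer: INetSim dns service not reachable"; return 1; }
    printf '%s\n' "$1" | while IFS= read -r ip; do
        [ "$ip" = "$REMNUX_IP" ] || { echo "leak: $ip is not REMnux, DNS left the lab"; exit 1; }
    done
}

# verify_lab: run both checks against the live VM (constructed domain name
# is irrelevant: INetSim should answer the same for any name).
verify_lab() {
    routes_isolated "$(ip route)" &&
    dns_sinkholed "$(dig +short example.com 2>/dev/null)" &&
    echo "lab isolated: traffic can only reach REMnux at $REMNUX_IP"
}

case "${1:-}" in --run) verify_lab ;; esac
```

Run it as `sh check_lab.sh --run` on REMnux with INetSim started; a non-zero exit and a "leak:" line mean the Internal Network or INetSim DNS setup is not yet doing its job.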

FLARE-VM/REMnux Tool List