How To Setup A Sandbox Environment For Malware Analysis

How to set up a malware analysis lab

Hypervisors

  • VMware
  • VirtualBox

We will be using VirtualBox because it is the easiest to configure.

You can download VirtualBox from https://www.virtualbox.org/.

Important notes

  • Do not use your main computer: an accidental infection can be extremely damaging.
  • Use a different network segment/subnet so that an accidental infection cannot spread to other computers on your network.
  • Most modern malware is designed with anti-analysis in mind.
    • It ships with anti-analysis features and checks.
    • It also includes anti-virtual-machine checks that stop it from running as intended once it detects that it is running in a virtualized environment.

How to avoid anti-analysis and anti-virtualization checks

  • Make the system appear as real as possible.
    • Use common hardware specifications
      • 2-4 GB of RAM
      • More than 80 GB of HDD space
      • 2 or more CPUs
  • Install commonly used software
    • VLC
    • Adobe
    • Firefox, Chrome, etc.
    • Also open and view several documents so the system looks used.
  • Do not install VirtualBox Guest Additions. This reduces performance and overall convenience, but it is very important.
  • Trick the malware into thinking it is online. Malware usually checks whether it can connect to common sites; FakeNet answers those connections so the check passes, and it also lets you monitor which sites the malware is contacting.

Getting started – Setting up the base instance

  • Set the system specifications described above.
  • Install all the tools you will use (analysis tools and others).
  • Update your system to the version and release you want.
  • Turn off updates, anti-malware, and the firewall.

Now take a snapshot of the base system. This is the snapshot you will revert to whenever you want to analyze new or different malware.

Setting up the analysis instance

  • Set up a host-only adapter
  • Uninstall VirtualBox Guest Additions
  • Set up FakeNet
  • Good to go!

FakeNet: https://sourceforge.net/projects/fakenet/

Note: If you want to transfer files to the VM, you can create a shared folder.
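The base-instance and analysis-instance steps above can be driven from the host with VBoxManage. The script below is an added example and is not code from the original post; the VM name "malware-lab", the host-only interface name "vboxnet0", the 192.168.56.0/24 range, the snapshot name "base", the OS type and the disk path are all assumptions for illustration. With DRY_RUN=1 it prints the commands instead of running them, so you can review them before touching a real VirtualBox install.

```shell
#!/bin/sh
# Added example, not code from the original post: provisions the analysis VM
# described above with VBoxManage. All names below are assumptions.
# Usage:  DRY_RUN=1 sh setup_lab.sh provision    (print only)
#         sh setup_lab.sh net | provision | snapshot | restore | iso FILE

VM_NAME="${VM_NAME:-malware-lab}"
VM_OSTYPE="${VM_OSTYPE:-Windows10_64}"   # see: VBoxManage list ostypes
VM_RAM_MB=4096                            # inside the 2-4 GB range recommended above
VM_CPUS=2                                 # "2 or more CPUs"
VM_DISK_MB=102400                         # 100 GB, i.e. more than 80 GB
VM_DISK="${VM_DISK:-$HOME/VirtualBox VMs/$VM_NAME/$VM_NAME.vdi}"
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"    # assumed name of the host-only interface

# run CMD ARGS...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One-time: create a host-only interface. A guest on it can reach only the
# host, never the real LAN or the internet; FakeNet inside the guest answers
# the malware's "am I online" checks.
create_hostonly_net() {
    run VBoxManage hostonlyif create
    run VBoxManage hostonlyif ipconfig "$HOSTONLY_IF" --ip 192.168.56.1 --netmask 255.255.255.0
}

# Base instance: register the VM with the "common hardware" profile, attach a
# disk, and put its only NIC on the host-only network.
provision_vm() {
    run VBoxManage createvm --name "$VM_NAME" --ostype "$VM_OSTYPE" --register
    run VBoxManage modifyvm "$VM_NAME" --memory "$VM_RAM_MB" --cpus "$VM_CPUS" --vram 128
    run VBoxManage createmedium disk --filename "$VM_DISK" --size "$VM_DISK_MB"
    run VBoxManage storagectl "$VM_NAME" --name SATA --add sata --controller IntelAhci
    run VBoxManage storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$VM_DISK"
    run VBoxManage modifyvm "$VM_NAME" --nic1 hostonly --hostonlyadapter1 "$HOSTONLY_IF"
    # Clipboard and drag-and-drop are Guest Additions features and would be
    # extra channels out of the guest; switch them off explicitly.
    run VBoxManage modifyvm "$VM_NAME" --clipboard disabled --draganddrop disabled
}

# After the guest OS and tools are installed and updates, anti-malware and the
# firewall are off: freeze the clean state. Every analysis starts from here.
take_base_snapshot() {
    run VBoxManage snapshot "$VM_NAME" take base \
        --description "clean base: tools installed, updates/AV/firewall off"
}

# Back to the clean state after a sample has run (the VM must be powered off).
restore_base() {
    run VBoxManage controlvm "$VM_NAME" poweroff 2>/dev/null || true
    run VBoxManage snapshot "$VM_NAME" restore base
}

# Moving samples in without Guest Additions: attach a read-only ISO built on
# the host (for example with genisoimage) as the VM's DVD drive.
attach_samples_iso() {
    run VBoxManage storageattach "$VM_NAME" --storagectl SATA --port 1 --device 0 \
        --type dvddrive --medium "$1"
}

case "${1:-}" in
    net)       create_hostonly_net ;;
    provision) provision_vm ;;
    snapshot)  take_base_snapshot ;;
    restore)   restore_base ;;
    iso)       attach_samples_iso "${2:?usage: $0 iso /path/to/samples.iso}" ;;
esac
```

Run `net` once, then `provision`, install the guest OS and tools by hand, and take the `base` snapshot; `restore` is the "revert to the base snapshot" step before each new sample. The `--clipboard` and `--draganddrop` spellings are the VirtualBox 6.x ones (7.x also accepts `--clipboard-mode` and `--drag-and-drop`). The `iso` function is there because VirtualBox shared folders are mounted by the Guest Additions driver inside the guest, so on a VM that deliberately has no Guest Additions an ISO attached as a DVD is the simplest way to bring samples in.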

Ankush Gaikwad

Software/web/App Developer and Cyber Security Investigator