Flare VM Installation
Flare VM is a Windows distribution specifically designed for Malware Analysis. It includes all the relevant tools to get started in this field.
Step 1: Setup Virtual Machine
First, you need to setup a Windows 10 virtual machine. This can be done by downloading the ISO from Microsoft and installing it inside your preferred hypervisor, such as VirtualBox or VMware Workstation. The VM must satisfy the following requirements:
- IMPORTANT: The network adapter of the virtual machine must be set to the Host-only settings. This is extremely important to prevent potential spreading of malware onto the host system or network.
- The hard drive of the VM must be at least 60 GB large, RAM should be at least 2 GB (more is recommended)
- Your Windows Username should not include any spaces or special characters
- Tamper Protection and any Antivirus program must be disabled.
- Windows Updates should also be disabled.
Step 2: Install Flare VM
Go to the official FlareVM Github repository (https://github.com/mandiant/flare-vm)
- Download the install.ps1 script
- Open Powershell as Administrator
- Go to the directory the script is located in and run: Unblock-File ..ps1
- Enable script execution: Set-ExecutionPolicy Unrestricted
- Type Y to accept
- Finally, exeute the script: .\install.ps1 and enter your Windows password when prompted
This installation can take some time (up to 3 hours). Your machine will reboot a few times during the installation.
Once you see “Type ENTER to exit:”, type Enter to Exit the script - then, the installation is complete.
Now, you should definitely save a snapshot of the VM so you can always revert back to this state if needed. In case of any failed package installations, the install script should also generate a failed_packages.txt file, in which the tools that failed to install correctly are listed. In case you need one of those tools, you can then install it manually. Now, you can get started with analyzing some malware samples!