Difference between revisions of "VirtualBox: How to Setup your Malware Analysis"
| Line 5: | Line 5: | ||
As advanced malware nowadays is able to detect its environment (e.g. scanning for RAM, CPU cores, disk space, registry keys and even drivers) they are now able to stop their execution if they detect a virtualized environment. Therefore it is critical to setup your malware analysis VM correctly. | As advanced malware nowadays is able to detect its environment (e.g. scanning for RAM, CPU cores, disk space, registry keys and even drivers) they are now able to stop their execution if they detect a virtualized environment. Therefore it is critical to setup your malware analysis VM correctly. | ||
In order to render your VM undetectable we have chosen two state-of-the-art tools on Github. One only supports Windows as its host OS and the other is relying on dependencies only available on Ubuntu. Though we will use Windows 7 | In order to render your VM undetectable we have chosen two state-of-the-art tools on Github. One only supports Windows as its host OS and the other is relying on dependencies only available on Ubuntu. Though we will use Windows 7 on both as the host VM as it is the most popular for malware attacks. | ||
== Requirements == | == Requirements == | ||
| Line 11: | Line 11: | ||
* Host Operating System: Ubuntu 16/18.04 or Windows 7/10 | * Host Operating System: Ubuntu 16/18.04 or Windows 7/10 | ||
* Guest Operating System: Windows 7 Home Premium 64-Bit | * Guest Operating System: Windows 7 Home Premium 64-Bit | ||
* VirtualBox | * Software: VirtualBox 6.0.14 | ||
* Tools: | * Tools for VM-hardening: [https://github.com/hfiref0x/VBoxHardenedLoader VBoxHardenedLoader] (for Windows) and [https://github.com/nsmfoo/antivmdetection antivmdetection] (for Ubuntu) | ||
* Tools to check hardened VM: [https://github.com/a0rtega/pafish Pafish] | |||
In order to complete these steps, you must have followed [[Some Other Documentation]] before. | In order to complete these steps, you must have followed [[Some Other Documentation]] before. | ||
== | == Sandboxing on Windows == | ||
=== Step 1 === | === Step 1 === | ||
echo foo | echo foo | ||
| Line 32: | Line 33: | ||
* Lord of the Rings | * Lord of the Rings | ||
* The Baroque Cycle | * The Baroque Cycle | ||
== Sandboxing on Ubuntu == | |||
== Used Hardware == | == Used Hardware == | ||
Revision as of 19:08, 5 December 2019
Summary
This documentation will provide you with a step-by-step guide to creating a virtual machine over VirtualBox. Though, we will not create a generic VM! This VM will provide you with a completely non-detectable environment for Malware Analysis.
As advanced malware nowadays is able to detect its environment (e.g. scanning for RAM, CPU cores, disk space, registry keys and even drivers) they are now able to stop their execution if they detect a virtualized environment. Therefore it is critical to setup your malware analysis VM correctly.
In order to render your VM undetectable we have chosen two state-of-the-art tools on Github. One only supports Windows as its host OS and the other is relying on dependencies only available on Ubuntu. Though we will use Windows 7 on both as the host VM as it is the most popular for malware attacks.
Requirements
- Host Operating System: Ubuntu 16/18.04 or Windows 7/10
- Guest Operating System: Windows 7 Home Premium 64-Bit
- Software: VirtualBox 6.0.14
- Tools for VM-hardening: VBoxHardenedLoader (for Windows) and antivmdetection (for Ubuntu)
- Tools to check hardened VM: Pafish
In order to complete these steps, you must have followed Some Other Documentation before.
Sandboxing on Windows
Step 1
echo foo echo bar
Step 2
Make sure to read
- War and Peace
- Lord of the Rings
- The Baroque Cycle
Sandboxing on Ubuntu
Used Hardware
Device to be used with this documentation Maybe another device to be used with this documentation
Courses
- A course where this documentation was used (2017, 2018)
- Another one (2018)