How to setup a malware testing environment to protect yourself from malicious files


Younes


In this guide we will set up a malware testing environment with VirtualBox and Windows 7.

Use this environment to test any files you do NOT trust, so that your main device is not infected if the file you're opening turns out to be malware.
Part 1 is covered in the video below; Part 2 can be found at the bottom of this thread.

Part 1: Setting up the VM with Windows 7.

Requirements

- VirtualBox
Virtual Machine software.

- Windows 7 ISO
I expect you to be able to find your own source for that.

Setup & installation process.
Part 2: Putting together a malware analysis toolkit.

Useful tools

- Comodo Firewall
Firewall that monitors your incoming and outgoing traffic.

- Malwarebytes Anti-Malware
Antivirus software.

- Unlocker
Useful when removing malware; it can unlock, delete, etc. files that are locked.

- Regshot
Shows the system and registry changes between a snapshot taken before and one taken after your machine has been infected.

- IDA Freeware / OllyDbg
Disassembler & debugger that help you reverse engineer compiled executables and analyze their code.

- OllyDumpEx
Memory dumper that writes a running process's memory to a file, to help you disassemble a packed executable whose instructions on disk are encoded or encrypted.

- Process Explorer / Process Hacker
Replacements for Task Manager that help you manage malicious processes.

- Wireshark
Popular network sniffer, useful for detecting malicious network communication.

- ProcDOT / Process Monitor
File and registry monitors, useful for showing you how malware plants itself on your machine.

Useful online tools

The above websites are useful for reverse engineering malware.

Final steps

When you have downloaded your desired tools, install Microsoft .NET Framework 4.5.2. When that is done, take a snapshot of your VM so you have a clean state to restore to.


1. Go to "Machine" -> "Take Snapshot...".

2. Name it and hit "Ok".

3. The VM will now save its current state.

When you want to restore your VM after testing malware, hit the "X" in the top right corner and select "Power off the machine" & "Restore to current snapshot (snapshot name)".

As you can see, it will be rolled back to your clean VM.

If you're going to transfer files via a shared folder, make sure it is set to READ ONLY, and make sure you DISCONNECT the folder before you start testing.
I personally use a USB drive to transfer files, to prevent the malware I'm testing from escaping the VM.

That's the end of this guide. I hope everyone was able to set up their VM; if something went wrong or you have any questions, don't hesitate to post them below. I will do my best to answer all your questions.
I welcome all criticism, good or bad, on my threads, so feel free to leave a reply.
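The snapshot and shared-folder steps from the guide can also be driven from the host's shell with VBoxManage, VirtualBox's command-line tool. The script below is an added example written for this page, not code from the original post; it assumes VBoxManage is on the PATH, and the VM, folder and snapshot names (malware-lab-win7, transfer, clean-baseline) are placeholders you replace with your own.

```shell
#!/bin/sh
# Host-side helper for the guide's snapshot and shared-folder steps, driven by
# VBoxManage (VirtualBox's command-line tool). VM_NAME, SHARE_NAME, HOST_DIR
# and SNAPSHOT are assumed placeholders; override them in the environment.
set -eu

VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"
VM_NAME="${VM_NAME:-malware-lab-win7}"
SHARE_NAME="${SHARE_NAME:-transfer}"
HOST_DIR="${HOST_DIR:-${HOME:-/tmp}/malware-transfer}"
SNAPSHOT="${SNAPSHOT:-clean-baseline}"

# Run once with the VM powered off, after the toolkit and .NET are installed:
# attach the transfer folder READ ONLY, then freeze the clean state.
prepare_clean_vm() {
    "$VBOXMANAGE" sharedfolder add "$VM_NAME" --name "$SHARE_NAME" \
        --hostpath "$HOST_DIR" --readonly
    "$VBOXMANAGE" snapshot "$VM_NAME" take "$SNAPSHOT" \
        --description "Clean Windows 7 VM with analysis toolkit"
}

# Run with the VM powered off, right before a test session: DISCONNECT the
# shared folder so the guest has no path back to the host directory, then boot.
start_isolated() {
    "$VBOXMANAGE" sharedfolder remove "$VM_NAME" --name "$SHARE_NAME"
    "$VBOXMANAGE" startvm "$VM_NAME" --type gui
}

# Run after testing: power off and roll back to the clean snapshot. This is
# what "Power off the machine" + "Restore to current snapshot" does in the GUI;
# the restored snapshot also brings the read-only shared folder back.
discard_and_restore() {
    "$VBOXMANAGE" controlvm "$VM_NAME" poweroff
    "$VBOXMANAGE" snapshot "$VM_NAME" restore "$SNAPSHOT"
}

case "${1:-}" in
    prepare) prepare_clean_vm ;;
    start)   start_isolated ;;
    restore) discard_and_restore ;;
    *) echo "usage: $0 prepare|start|restore" >&2 ;;
esac
```

Setting VBOXMANAGE=echo prints the commands instead of running them, which is a cheap way to check the names before touching a real VM.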
