Younes 192
Posted October 20, 2017

In this guide we will set up a malware testing environment with VirtualBox and Windows 7. Use this environment to test any files you do NOT trust to ensure your main device is not infected should it be malware you're opening.

Part 1 will be covered in the video below, Part 2 can be found at the bottom of this thread.

Part 1: Setting up the VM with Windows 7.

Requirements

- VirtualBox: Virtual machine software.
- Windows 7 ISO: I expect you to be able to find your own source for that.

Setup & installation process.

Part 2: Putting together a malware analysis toolkit.

Useful tools

- Comodo firewall: Firewall that monitors your incoming and outgoing traffic.
- MalwareBytes anti-malware: Antivirus software.
- Unlocker: Useful when removing malware, can unlock, destroy, etc. files.
- Regshot: Shows system and registry changes before and after your machine has been infected.
- IDA Freeware / Ollydbg: Disassembler & debugger that can help you reverse engineer compiled executables and help you analyze their code, etc.
- OllyDumpEx: Memory dumper that dumps the system's memory in a file to help you disassemble a packed executable where the instructions are encoded or encrypted.
- Process explorer / Process hacker: Replacement for task manager, helps you manage malicious processes.
- Wireshark: Popular network sniffer, useful to detect malicious network communication requests.
- ProcDOT / Process monitor: A file and registry monitor useful to show you how malware plants itself on your machine.

Useful online tools

The above websites are useful for reverse engineering malware.

Final steps

When you have downloaded your desired tools, install Microsoft .NET Framework 4.5.2. When that is done, take a snapshot of your VM so you have a clean VM to restore back to.

1. Go to "Machine" -> "Take Snapshot...".
2. Name it and hit "Ok".
3. The VM will now save its current state.

When you want to restore your VM after testing malware, hit the "X" in the top right corner and select "Power off the machine" & "Restore to current snapshot (snapshot name)". As you can see it will be rolled back to your clean VM.

If you're going to transfer files via a shared folder, make sure it's on READ ONLY; when you're doing testing make sure you DISCONNECT the folder. I personally use a USB drive to transfer, to prevent the malware I'm testing from escaping the VM.

That's the end of this guide, I hope everyone was able to set up their VM. If something went wrong or you have any questions, don't hesitate to post them below. I will do my best to answer all your questions. I welcome all criticism, good or bad, on my threads so feel free to leave a reply.
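The snapshot, restore and shared-folder steps in the guide above can also be checked from the host's command line before a test run. This is an added example, not part of the original post; the VM name `malware-lab`, the snapshot name `clean-baseline` and the sample output are assumptions constructed for illustration.

```shell
# Added example: host-side checks before a test run, and rollback afterwards.
# VM and SNAP are assumed names; substitute your own.
VM="${VM:-malware-lab}"
SNAP="${SNAP:-clean-baseline}"

# Print shared-folder names from `VBoxManage showvminfo VM --machinereadable` on stdin.
list_shares() {
    sed -n 's/^SharedFolderName[A-Za-z]*Mapping[0-9]*="\(.*\)"$/\1/p'
}

# Succeed if snapshot $1 is in `VBoxManage snapshot VM list --machinereadable` on stdin.
has_snapshot() {
    awk -F= -v want="\"$1\"" \
        '$1 ~ /^SnapshotName[-0-9]*$/ && $2 == want { found = 1 } END { exit !found }'
}

# $1 = showvminfo text, $2 = snapshot list text.
# Returns 1 if a host folder is still shared, 2 if the clean snapshot is missing.
preflight() {
    shares=$(printf '%s\n' "$1" | list_shares)
    if [ -n "$shares" ]; then
        echo "shared folder still attached: $shares" >&2
        return 1
    fi
    if ! printf '%s\n' "$2" | has_snapshot "$SNAP"; then
        echo "snapshot '$SNAP' not found" >&2
        return 2
    fi
    return 0
}

# Run the checks against the real VM (needs VirtualBox on the host).
check_vm() {
    preflight "$(VBoxManage showvminfo "$VM" --machinereadable)" \
              "$(VBoxManage snapshot "$VM" list --machinereadable)"
}

# CLI equivalent of "Power off the machine" + "Restore to current snapshot".
rollback() {
    VBoxManage controlvm "$VM" poweroff
    VBoxManage snapshot "$VM" restore "$SNAP"
}

# Constructed sample output, so the checks can be tried without VirtualBox.
SAMPLE_INFO='name="malware-lab"
SharedFolderNameMachineMapping1="transfer"
SharedFolderPathMachineMapping1="/home/analyst/transfer"'
SAMPLE_SNAPS='SnapshotName="clean-baseline"
CurrentSnapshotName="clean-baseline"'
```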
Zakku 178
Posted October 30, 2017 (edited)

Error 404 page not found on the Unlocker link, overall good guide.

Edited October 30, 2017 by Zakku: Autocorrect