How To Setup A Sandbox Environment For Malware Analysis

How to set up a malware analysis lab

Hypervisors

  • VMware
  • VirtualBox

We will be using VirtualBox because it is the easiest to configure.

You can download VirtualBox here.

Important notes

  • Do not use your main computer: an accidental infection can be extremely damaging.
  • Use a separate network segment/subnet so that an accidental infection cannot spread to other computers on your network.
  • Most modern malware is designed with anti-analysis in mind.
    • It ships with anti-analysis features and checks.
    • It also ships with anti-virtual-machine checks that stop it from running as intended once it detects that it is being run in a virtualized environment.

How to avoid anti-analysis and anti-virtualization checks

  • Make the system appear as real as possible.
    • Use common hardware specifications
      • 2-4GB of RAM
      • More than 80GB of HDD space
      • 2 or more CPUs
  • Install commonly used software
    • VLC
    • Adobe
    • Firefox, chrome, etc.
    • You can also open and view several documents.

  • Do not install VirtualBox Guest Additions. This costs some performance and convenience, but it is very important: Guest Additions are an easy giveaway that the system is a VM.
  • Trick the malware into thinking it is online. Malware usually checks whether it can connect to common sites; FakeNet answers those requests so the check passes, and it also lets you monitor which sites the malware is contacting.

Getting started – Setting up the base instance

  • System specifications
  • Install all the tools you will use (analysis tools and others)
  • Update your system to the version and release you want.
  • Turn off updates, anti-malware, and the firewall.

Now take a snapshot of the base system. This is the snapshot you will revert to whenever you want to analyze a new or different sample.


Setting up the analysis instance

  • Set up a host-only adapter
  • Uninstall VirtualBox Guest Additions (if they were installed)
  • Set up FakeNet
  • Good to go!

FakeNet: https://sourceforge.net/projects/fakenet/

Note: If you want to transfer files to the VM you can create a shared folder.
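The steps above can be driven from the host with VBoxManage, VirtualBox's command-line tool. The script below is an added example written for this page; it is not code from the original post. It creates the base VM with the hardware specs listed above (RAM in the 2-4 GB range, more than 80 GB of disk, 2 CPUs), attaches only a host-only adapter so the guest can reach the host (where FakeNet runs) but nothing else on the network, takes the "base" snapshot, and reverts to it before the next sample. The VM name "malware-lab", the host-only interface name "vboxnet0", the Windows 10 64-bit guest type and the disk path are assumptions, not values from the post; installing the guest OS and the analysis tools is still done by hand inside the VM before the snapshot is taken.

```shell
#!/bin/sh
# Added example (not from the original post): build the base analysis VM with
# VBoxManage, using the hardware specs the post recommends, a host-only NIC, and
# a "base" snapshot to revert to between samples.
# Assumed values (not stated in the post): VM name, host-only interface name,
# guest OS type, disk path. Set DRY_RUN=1 to print the commands instead of
# running them.

LAB_VM="${LAB_VM:-malware-lab}"
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"
RAM_MB="${RAM_MB:-4096}"        # post: 2-4 GB of RAM
DISK_MB="${DISK_MB:-102400}"    # post: more than 80 GB of disk (80 GB = 81920 MB)
CPUS="${CPUS:-2}"               # post: 2 or more CPUs
DISK_FILE="${DISK_FILE:-$HOME/VirtualBox VMs/$LAB_VM/$LAB_VM.vdi}"

# Run a VBoxManage subcommand, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        VBoxManage "$@"
    fi
}

# Refuse to build a VM whose specs fall outside the "looks like a real PC" range.
check_specs() {
    [ "$RAM_MB" -ge 2048 ] && [ "$RAM_MB" -le 4096 ] || return 1
    [ "$DISK_MB" -gt 81920 ] || return 1
    [ "$CPUS" -ge 2 ] || return 1
    return 0
}

create_base_vm() {
    check_specs || { echo "specs outside the recommended range" >&2; return 1; }
    run createvm --name "$LAB_VM" --ostype Windows10_64 --register
    run modifyvm "$LAB_VM" --memory "$RAM_MB" --cpus "$CPUS" --vram 128
    # Host-only adapter: the guest can talk to the host (FakeNet) only, never to
    # the rest of the network, so an accidental infection cannot spread.
    run modifyvm "$LAB_VM" --nic1 hostonly --hostonlyadapter1 "$HOSTONLY_IF"
    run createmedium disk --filename "$DISK_FILE" --size "$DISK_MB"
    run storagectl "$LAB_VM" --name SATA --add sata --controller IntelAhci
    run storageattach "$LAB_VM" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$DISK_FILE"
}

# Take the clean-base snapshot once tools are installed, updates/AV/firewall are
# off, and Guest Additions are NOT installed.
snapshot_base() {
    run snapshot "$LAB_VM" take base --description "clean base, no guest additions"
}

# Revert to the clean base before detonating a new sample.
revert_base() {
    run controlvm "$LAB_VM" poweroff 2>/dev/null || true
    run snapshot "$LAB_VM" restore base
}

case "${1:-}" in
    create)   create_base_vm ;;
    snapshot) snapshot_base ;;
    revert)   revert_base ;;
esac
```

Usage: `sh lab.sh create`, install the guest OS and tools manually, then `sh lab.sh snapshot`; before each new sample run `sh lab.sh revert`. If the host-only interface does not exist yet, `VBoxManage hostonlyif create` makes one (it is named vboxnet0 on Linux hosts).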
