Malboxes - Builds malware analysis Windows VMs so that you don't have to
Builds malware analysis Windows virtual machines so that you don't have to.
Requirements
- Python 3.3+
- packer: https://www.packer.io/docs/install/index.html
- vagrant: https://www.vagrantup.com/downloads.html
- VirtualBox or a vSphere / ESXi server
Minimum specs for the build machine
- At least 5 GB of RAM
- VT-X extensions strongly recommended
Debian
apt install vagrant git python3-pip
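Before a multi-gigabyte `malboxes build`, it pays to confirm the requirements and build-machine specs listed above are actually met. The following pre-flight script is an added example, not part of the malboxes project; it assumes a Linux build host with `/proc/meminfo` and `/proc/cpuinfo`, and the tool names it looks for (`packer`, `vagrant`, `VBoxManage`, `python3`) are my assumptions about what a VirtualBox-based setup needs on PATH. The RAM and CPU checks take their input as arguments so they can be exercised without a real `/proc`.

```shell
#!/bin/sh
# Added example, not part of the malboxes project: pre-flight check of a
# Linux build host against the README requirements (packer, vagrant,
# VirtualBox, at least 5 GB of RAM, VT-x/AMD-V) before `malboxes build`.

# ram_kb_ok KILOBYTES -> succeeds when the value is at least 5 GB
ram_kb_ok() {
    [ "$1" -ge $((5 * 1024 * 1024)) ]
}

# cpu_has_vtx CPUINFO_TEXT -> succeeds when a "flags" line lists vmx (Intel
# VT-x) or svm (AMD-V); VirtualBox needs one of them for 64-bit guests
cpu_has_vtx() {
    printf '%s\n' "$1" |
        grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)'
}

# tools_missing NAME... -> prints the names not found in PATH on one line,
# succeeds only if none are missing
tools_missing() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# preflight -> reads the live system, reports every failed requirement and
# returns non-zero if any hard requirement is unmet (VT-x is only a warning,
# as the README says "strongly recommended")
preflight() {
    rc=0
    # assumed tool names; packer may be packaged as packer-io on some distros
    missing=$(tools_missing packer vagrant VBoxManage python3) || {
        echo "missing tools: $missing (packer is sometimes called packer-io)"
        rc=1
    }
    kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
    ram_kb_ok "${kb:-0}" || {
        echo "need at least 5 GB of RAM, have ${kb:-unknown} kB"
        rc=1
    }
    cpu_has_vtx "$(cat /proc/cpuinfo 2>/dev/null)" ||
        echo "warning: no vmx/svm CPU flag, VT-x is strongly recommended"
    return $rc
}

# Typical use: run the checks, then build the box
#   preflight && malboxes build win10_64_analyst
```

On a laptop that dual-boots with Windows 10, a missing `vmx` flag is often the Hyper-V issue described in the Windows section below rather than unsupported hardware.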
Installation
Linux/Unix
- Install git, vagrant and packer using your distribution's packaging tool (packer is sometimes called packer-io)
- pip install malboxes:
sudo pip3 install git+https://github.com/GoSecure/malboxes.git#egg=malboxes
Windows
Note: Starting with Windows 10, Hyper-V is always running below the operating system. Since VT-x can only be operated by exactly one hypervisor, this causes VirtualBox (and malboxes) to fail. To disable Hyper-V and allow VirtualBox to run, issue the following command in an administrative command prompt, then reboot: bcdedit /set hypervisorlaunchtype off
Using Chocolatey
The following steps assume that you have Chocolatey installed. Otherwise, follow the manual installation procedure.
- Install dependencies:
choco install python vagrant packer git virtualbox
- Refresh the console:
refreshenv
- Install malboxes:
pip3 install setuptools
pip3 install -U git+https://github.com/GoSecure/malboxes.git#egg=malboxes
Manually
- Install VirtualBox, Vagrant and git
- Install Packer: drop the packer binary in a folder in your user's PATH, like C:\Windows\System32\
- Install Python 3 (make sure to add Python to your environment variables)
- Open a console (Windows-Key + cmd) and run:
pip3 install setuptools
pip3 install -U git+https://github.com/GoSecure/malboxes.git#egg=malboxes
Usage
Box creation
This creates your base box, which is imported into Vagrant. Afterwards you can re-use the same box several times, once per sample analysis.
Run:
malboxes build
You can also list all supported templates with:
malboxes list
This will build a Vagrant box ready for malware investigation; you can include it directly in a Vagrantfile afterwards.
For example:
malboxes build win10_64_analyst
The Configuration section contains further information about what can be configured with malboxes.
Per analysis instances
malboxes spin win10_64_analyst
This will create a Vagrantfile prepared for malware analysis. Move it into a directory of your choice and issue:
vagrant up
By default the local directory will be shared into the VM on the Desktop. This can be changed by commenting out the relevant part of the Vagrantfile. For example:
malboxes spin win7_32_analyst 20160519.cryptolocker.xyz
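Because the directory holding the Vagrantfile is shared to the guest Desktop, it is worth keeping one directory per sample so that only the sample under analysis is exposed to the VM and a finished instance can be thrown away cleanly. The script below is an added example, not part of the malboxes project; the `analysis/<sha256>` layout and the helper names are my assumptions. If `malboxes` is not on PATH it only prints the `spin` command it would run, so the directory layout can still be inspected.

```shell
#!/bin/sh
# Added example, not part of the malboxes project: one working directory per
# sample for the `malboxes spin` / `vagrant up` workflow. Directories live
# under ./analysis/ and are named after the sample's SHA-256 (assumed layout).

# sha256_of FILE -> hex digest on stdout (coreutils or BSD/macOS fallback)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# workdir_for FILE -> analysis/<sha256 of FILE>
workdir_for() {
    printf 'analysis/%s\n' "$(sha256_of "$1")"
}

# prepare_workdir TEMPLATE FILE -> prints the prepared directory
# Creates the per-sample directory, copies only that sample into it (this is
# the directory the generated Vagrantfile shares to the guest Desktop) and
# writes the Vagrantfile there with `malboxes spin TEMPLATE`.
prepare_workdir() {
    template=$1
    sample=$2
    dir=$(workdir_for "$sample")
    mkdir -p "$dir"
    cp "$sample" "$dir/"
    if command -v malboxes >/dev/null 2>&1; then
        (cd "$dir" && malboxes spin "$template")
    else
        printf 'would run in %s: malboxes spin %s\n' "$dir" "$template" >&2
    fi
    printf '%s\n' "$dir"
}

# Typical session afterwards, using the README's own commands:
#   cd "$(prepare_workdir win10_64_analyst ./sample.exe)"
#   vagrant up          # boot the analysis VM with the sample on its Desktop
#   vagrant destroy -f  # discard the instance when the analysis is done
```

Naming the directory by hash rather than by the original filename means re-analysing the same sample later lands in the same place, and nothing from a previous sample is ever visible inside the new VM.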
Configuration
Malboxes' configuration is located in a directory that follows the usual operating system conventions:
- Linux/Unix:
~/.config/malboxes/
- Mac OS X:
~/Library/Application Support/malboxes/
- Win 7+:
C:\Users\<username>\AppData\Local\malboxes\malboxes\
The file is named config.js and is copied from an example file on first run. The example configuration is documented.
ESXi / vSphere support
Malboxes uses VirtualBox as a back-end by default, but since version 0.3.0 support for ESXi / vSphere has been added. Notes about the steps required for ESXi / vSphere support are available. Since everyone's setup is a little bit different, do not hesitate to open an issue if you run into a problem, or to improve our documentation via a pull request.
Profiles
We are exploring the concept of profiles, which are stored separately from the configuration and can be used to create files, change the registry or install additional packages. See profile-example.js for an example configuration. This new capability is experimental and subject to change as we experiment with it.
More information