Malware Analysis Tools Set Up for Linux


Analyzing Flash malware: swftools, flasm, flare

Analyzing IRC bots: IRC server (Inspire IRCd) and client (Irssi). To launch the IRC server, type “ircd start”; to shut it down, type “ircd stop”. To launch the IRC client, type “irc”.

Network monitoring and interactions: Wireshark, Honeyd, INetSim, fakedns and fakesmtp scripts, NetCat

JavaScript deobfuscation: Firefox with Firebug, NoScript and JavaScript Deobfuscator extensions, Rhino debugger, two versions of patched SpiderMonkey, Windows Script Decoder, Jsunpack-n [quite simple to use]

Interacting with web malware in the lab: TinyHTTPd, Paros proxy

Analyzing shellcode: gdb, objdump, Radare (hex editor+disassembler), shellcode2exe

Dealing with protected executables: upx, packerid, bytehist, xorsearch, TRiD

Malicious PDF analysis: Didier’s PDF tools, Origami framework, Jsunpack-n, pdftk

Memory forensics: Volatility Framework and malware-related plugins

Miscellaneous: unzip, strings, ssdeep, feh image viewer, SciTE text editor, OpenSSH server


REMnux is a Linux distribution that includes most of the tools listed above. It is intended for malware analysis, and I love it.

1) Set up a Windows victim host and route all of its traffic to a REMnux machine [change the gateway on the victim to this machine].

2) Run the services the malware requires, such as IRC, FakeDNS and TinyHTTPd, to observe its interactions. Also capture the traffic, since it provides the evidence.
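To show what the fake DNS service in step 2 does for the analyst, here is an added example (not part of the original post, and not the fakedns script shipped with REMnux): a small DNS sinkhole that logs every name the victim resolves and answers with the lab host's address. The address 192.168.56.10 and all function names are assumptions made for illustration.

```python
import socket
import struct

SINKHOLE_IP = "192.168.56.10"  # assumed address of the REMnux analysis host

def parse_qname(packet):
    """Return (queried name, offset just past the question section)."""
    labels, pos = [], 12  # the DNS header is 12 bytes
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:  # compression pointers do not belong in a plain query
            raise ValueError("unexpected compression pointer in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels), pos + 1 + 4  # skip root label, QTYPE and QCLASS

def build_response(query, ip=SINKHOLE_IP):
    """Answer a single-question query with one A record for `ip`, whatever the QTYPE."""
    name, qend = parse_qname(query)
    if qend > len(query):
        raise ValueError("truncated question section")
    # Header: same transaction ID, flags QR|AA|RD|RA (0x8580), 1 question, 1 answer.
    header = query[:2] + struct.pack("!HHHHH", 0x8580, 1, 1, 0, 0)
    # Answer: pointer to the name at offset 12, TYPE A, CLASS IN, TTL 60, 4-byte RDATA.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    return name, header + query[12:qend] + answer

def make_query(name, txid=0x1234):
    """Build a constructed A query, used here as sample input."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def serve(bind="0.0.0.0", port=53):
    """Log each name the sample resolves and point it at the lab host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, addr = sock.recvfrom(512)
        try:
            name, reply = build_response(data)
        except (ValueError, IndexError):
            continue  # ignore malformed packets
        print(f"{addr[0]} asked for {name}")
        sock.sendto(reply, addr)

if __name__ == "__main__":
    sample = make_query("c2.example.test")  # constructed sample query
    print(build_response(sample)[0])
```

Calling `serve()` on the analysis host needs root to bind port 53; the logged names, together with the packet capture, show which domains the sample tries to reach.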

About Uma Mahesh

A Creator/Equalizer. Creator/Equalizers are catalysts for positive, well-organized change. They never settle for the status quo. Instead, they see the opportunity for innovation in the processes that others have long taken for granted. They respect what's already operating, but they can't help but want to improve upon it. Their special combination provides innovation tempered with profound logic. They have incredible discernment. Should their efforts fail, they are unhesitating in accepting responsibility. They don't wallow in self-pity but rather see these missed attempts as critical steps on the path to success.