Malware Lab Setup for Static Analysis

[Deque]

Gotcha. Thanks for the clarification.

Sent from my Nexus 6P using Tapatalk

Hi ducksauce88.

You got the impression from this tutorial, but keep in mind that I discussed here the possibilities of static analysis in a non-safe environment (no VM and no dedicated machine that you can roll back). There are some situations were you might need that.

The best is of course if you can use the safe environment for everything.

[Racheltjie de Beer]

Hi Deque,

Thank you for an interesting article.

I'm pre-noob when it come to this subject mater but I've experience ppl acting very similar than some of the comments.

For a newbie, in this case, it sounds like a lot more work / reading / thinking to do static analysis than dynamic analysis.  [Insert argument to start at the wrong place first – I've heard it]  It makes logical sense to study something before pressing the on button, just ask the bomb squad.  In the dev environment, the newbies don't want to read up, read code, etc. They want to press run and see what happens, but they don't know what they are looking at because they don't know the underlying system. Soon they figure out that they will have to, in any case, work / reading / thinking.

Edit: (I've jump the gun, I saw your other tutorials)
A bit of topic… How do you receive these samples?
On email, USB stick etc?
How do you prevent it from executing just by receiving it? (I assume some malware can propagate like a virus)

[deltonos]

In the dev environment, the newbies don't want to read up, read code, etc. They want to press run and see what happens,

Thats sounds sad, but mostly around the world is true nowadays. I´m not a developer, but since last time of 90`s I had to deal with many "cakes" of malware. I know it gonna fuck me... but I want to know in what way (where it going to comunicate, what info will going to be stolen, etc). Antivirus, Endpoints protecctions and similars I think are mitigation, not for prevention.

Regards.

P.S Thanks @deque

[Racheltjie de Beer]

...
 but I want to know in what way (where it going to comunicate, what info will going to be stolen, etc). Antivirus, Endpoints protecctions and similars I think are mitigation, not for prevention.
...

It was not curiosity that killed the cat, it was a little boy and a microwave...
In the 90, when you still could email exe, I made a simple "bomb" app to email to an idiot.  On load, kicked of a new thread to load the same app as a new process/program (each one needed to be killed separately).  On close did the same.  So I coded and compiled the thing and like a toad I pressed run on my PC (just to see what will happened). Guess I was the id10t

Win 95 crashed after loading 127 programs in 10 sec...

Any case, studying code will tell you almost all you need to know.  And I would try and do that first before testing the "unknown" interactions, like with Anti virus etc.