srinithisundar/malware-analysis-lab

Malware-Analysis-Lab Setup with FLARE VM & REMnux

Project Description

This repository contains a guide for setting up a malware analysis lab using FLARE VM and REMnux, two powerful tools for analyzing and reverse-engineering malware in a controlled environment. The lab is set up using VirtualBox or VMware and includes several useful tools for malware analysis, such as disassemblers, debuggers, and network monitoring tools.

Pre-Installation Steps

Before running the FLARE setup script, complete the following steps:

1. Disable the proxy auto-detect setting

  1. In the Windows search bar, search "proxy settings".
  2. Switch the "Automatically detect settings" toggle off.

2. Disable Tamper Protection

  1. Search "Defender", open the Defender settings and turn all Defender settings off.

3. Disable Antivirus/Defender in GPO (Group Policy)

  1. In the Windows search bar, search "group policy".
  2. In GPO, navigate to Administrative Templates → Windows Components → Microsoft Defender Antivirus and enable "Turn off Microsoft Defender Antivirus".

4. Disable Windows Firewall

  1. GPO → Administrative Templates → Network → Network Connections → Windows Defender Firewall → Domain Profile → disable "Protect All Network Connections".
  2. Do the same for the Standard profile.
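The four pre-installation steps above are GUI steps, so it is easy to miss one. The following PowerShell pre-flight check is an added example (it is not part of the srinithisundar/malware-analysis-lab repository or of flarevm-install.ps1); run it in an elevated prompt inside the analysis VM before taking the snapshot. It assumes the Defender (Get-MpComputerStatus) and NetSecurity (Get-NetFirewallProfile) modules present on stock Windows 10, that the "Automatically detect settings" toggle is stored as the AutoDetect DWORD under the current user's Internet Settings key, and that the "Turn off Microsoft Defender Antivirus" policy writes DisableAntiSpyware under the Windows Defender policy key; the Standard profile of the GPO maps to the Private and Public firewall profiles.

```powershell
# Added example, not from the repository: verifies the four pre-installation
# settings before flarevm-install.ps1 is run. Run elevated, inside the lab VM only.

function Test-ProxyAutoDetectOff {
    # Assumed layout: AutoDetect DWORD, 1 = "Automatically detect settings" on, 0 = off.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $value = (Get-ItemProperty -Path $key -Name AutoDetect -ErrorAction SilentlyContinue).AutoDetect
    return ($value -eq 0)
}

function Test-DefenderOff {
    # Tamper Protection must be off and the engine itself disabled (step 2).
    $status = Get-MpComputerStatus
    return (-not $status.IsTamperProtected) -and
           (-not $status.RealTimeProtectionEnabled) -and
           (-not $status.AntivirusEnabled)
}

function Test-DefenderGpoOff {
    # "Turn off Microsoft Defender Antivirus" (step 3) writes DisableAntiSpyware = 1 (assumed key).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $value = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    return ($value -eq 1)
}

function Test-FirewallOff {
    # Step 4: "Protect All Network Connections" disabled for Domain and Standard (Private/Public).
    $profiles = Get-NetFirewallProfile -Name Domain, Private, Public
    $stillOn = $profiles | Where-Object { "$($_.Enabled)" -eq 'True' }
    return (-not $stillOn)
}

# Run every check and report; the hashtable values call the functions above.
$checks = [ordered]@{
    'Proxy auto-detect disabled'          = Test-ProxyAutoDetectOff
    'Defender / Tamper Protection off'    = Test-DefenderOff
    'Defender disabled by GPO'            = Test-DefenderGpoOff
    'Windows Firewall off (all profiles)' = Test-FirewallOff
}

$allOk = $true
foreach ($name in $checks.Keys) {
    $ok = [bool]$checks[$name]
    $allOk = $allOk -and $ok
    '{0,-40} {1}' -f $name, $(if ($ok) { 'OK' } else { 'NOT READY' })
}

if ($allOk) { 'Pre-installation checks passed: take a snapshot, then run flarevm-install.ps1.' }
else        { 'Fix the NOT READY items before running flarevm-install.ps1.' }
```

Any line reported as NOT READY points back to the numbered step to redo. The check only reads state; it changes nothing, so it is safe to rerun after reverting to a snapshot to confirm the baseline is still as expected.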

Take a Snapshot

Setup Instructions

1. Setting Up FLARE VM

  1. Download VirtualBox or VMware and create a new Windows 10 virtual machine.
  2. Follow the Pre-Installation Steps above.
  3. Run the script file (flarevm-install.ps1); it also contains the steps to install Sysinternals, which is where all the tools can be found.
  4. Configure the machine settings for optimal performance (e.g., install VM Tools for full screen and clipboard sharing).

Take a snapshot once FLARE VM is fully configured.

2. Setting Up REMnux

  1. Download the REMnux ISO.
  2. Create a new virtual machine in VirtualBox/VMware.
  3. Install REMnux and update the system.

Take a snapshot of the REMnux setup.

Screenshots

  1. Group settings (antivirus.png): Shows the Group Policy setting with the antivirus turn-off enabled.
  2. Flare main screen (Flare_mainscreen.png): Main screen of FLARE VM once installation is complete.
  3. Flare's network setting (Networksetting_flare.png): FLARE VM network settings placing it on the internal network.
  4. REMnux main screen (REMnux_mainscreen.png): Main screen of REMnux once installation is complete.
  5. VirtualBox Flare's settings (vbox_flaresettings.png): Network setting in VirtualBox placing FLARE VM on the internal network.
  6. VirtualBox REMnux's settings (vbox_remnuxsetting.png): Network setting in VirtualBox placing REMnux on the internal network.
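The internal-network screenshots above are the isolation boundary of the lab: samples detonated in FLARE VM must only be able to reach REMnux, never the host or the internet. The following PowerShell script, run on the VirtualBox host, is an added example (not part of the repository) that applies the same setting with VBoxManage, verifies it from the machine-readable VM configuration, and then takes the snapshot the guide asks for. It assumes the VM names "FLARE" and "REMnux", the internal network name "malnet", and the default VBoxManage.exe path; the VMs must be powered off while modifyvm runs.

```powershell
# Added example, not from the repository: isolate both lab VMs on one VirtualBox
# internal network, verify the configuration, and snapshot the clean state.
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'
$IntNet = 'malnet'              # assumed internal network name
$Vms = @('FLARE', 'REMnux')     # assumed VM names

function Set-IsolatedNic {
    param([string]$Vm)
    # Adapter 1 on the internal network: no NAT, no bridge, no host-only path out.
    & $VBoxManage modifyvm $Vm --nic1 intnet --intnet1 $IntNet --cableconnected1 on
    # Make sure no additional adapter provides a route out of the lab.
    foreach ($n in 2..4) { & $VBoxManage modifyvm $Vm "--nic$n" none }
}

function Test-IsolatedNic {
    param([string]$Vm)
    # showvminfo --machinereadable prints key="value" lines, e.g. nic1="intnet", intnet1="malnet".
    $info = & $VBoxManage showvminfo $Vm --machinereadable
    $cfg = @{}
    foreach ($line in $info) {
        if ($line -match '^([^=]+)="?([^"]*)"?$') { $cfg[$matches[1]] = $matches[2] }
    }
    $ok = ($cfg['nic1'] -eq 'intnet') -and ($cfg['intnet1'] -eq $IntNet)
    foreach ($n in 2..4) { $ok = $ok -and ($cfg["nic$n"] -eq 'none') }
    return $ok
}

foreach ($vm in $Vms) {
    Set-IsolatedNic -Vm $vm
    if (Test-IsolatedNic -Vm $vm) {
        "$vm : isolated on internal network '$IntNet'; taking snapshot"
        & $VBoxManage snapshot $vm take 'clean-lab' --description 'Clean state after setup'
    } else {
        "$vm : network is NOT isolated; fix the adapter settings before analysing samples"
    }
}
```

Because both VMs share the same internal network name, REMnux can act as the fake gateway and DNS for FLARE VM while nothing reaches the physical network. Re-running only Test-IsolatedNic is a quick way to confirm that a restored snapshot still has the expected adapter configuration.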

Tools Used

  • FLARE VM: A Windows-based virtual machine for malware analysis, containing various reverse engineering tools.
  • REMnux: A Linux-based virtual machine containing open-source tools for malware analysis.
  • VirtualBox/VMware: Virtualization platforms used to run the lab environments.