Obtaining malware
In preparation to step my reversing game up I have decided to setup some infrastructure and tools to make it easier to jump straight into malware.
I have a dedicated lab system and in Virtualbox I have pfSense VM that automatically connects to a VPN provider and supplies a network for the following VMs: Windows, Remnux, and Security Onion
Both REMnux and Security Onion just released major updates, definitely check them out.
Having the sysytems ready, snapshots taken, I just need a way to obtain malware. Previously I would use Malshare
Don’t get me wrong, malshare is great, however the submissions arent necessarily “Malicious”. Recently the folks over at Abuse.ch came out with MalwareBazaar
What sets MalwareBazaar apart from Malshare is that MalwareBazaar does not accept Adware or PUP/PUA uploads, and typically only accepts new samples.
Being me I can’t just be satisfied with a great website, luckily MalwareBazaar has a great API I can take advantage of. Ive created a quick little cli tool in python to help me grab some of that sweet sweet malware.
Now that you’ve obtained your malware what do you do with it. Do you have a special harddrive to store it on? Do you only keep it until you have analysed it? Personally I’m a bit of a horder, so I like to store mine in snake
Snake allows me to store malware as well as my analysis notes and it will even perform basic static analysis on the files with plugins called scales.
I will try to post some analysis blogs in the future showcasing the usage of these tools.