Jump to content
Tuts 4 You

Set up VirtualBox for malware analyzing?


high6

Recommended Posts

I wanna get into malware analyzing with a virtual box but I have a few questions.

What are some things I should/shouldn't do with the virtual machine that might make it secure/insecure?

Will installing guest additions make the virtual box insecure?

Will having a shared folder with read only permission make it insecure?

And what are some things I should know about VirtualBox before I debug malware?

Link to comment

Basics are:

*Pull out internet connection.

*Reset VM after done reversing.

However, you'll find it's pretty useless to try in VM because most of the recent malware will exit due they detect virtual machines and assume debugging.

lena151.

Link to comment
Basics are:

*Pull out internet connection.

*Reset VM after done reversing.

However, you'll find it's pretty useless to try in VM because most of the recent malware will exit due they detect virtual machines and assume debugging.

lena151.

Is it possible to backup the VM?

Also couldn't I force it to run in VM?

Edited by high6
Link to comment

If you have to ask those questions, it's probably better to forget about the whole malware thing.

If it was shown on TV, they would have to say: "Kids, don't do this at home".

Getting infected is the best way to learn the hard way what not to do, so here are a few tips anyway.

Additions are usually a must.

They modify the OS to run better in the VM.

Disable the virtual network adapter.

It will kill local network and internet and everything else that you could forget.

Don't ever use their own internal directory sharing or whatever they call it.

VMWare is insecure there.

Network sharing is ok when starting from a 100% clean image to set up your VM.

It will disappear when you disable completely the virtual network adapter.

Whatever is in the VM dies there, don't ever transfer anything back to the host pc.

TiGa

Link to comment
If you have to ask those questions, it's probably better to forget about the whole malware thing.

If it was shown on TV, they would have to say: "Kids, don't do this at home".

Getting infected is the best way to learn the hard way what not to do, so here are a few tips anyway.

Additions are usually a must.

They modify the OS to run better in the VM.

Disable the virtual network adapter.

It will kill local network and internet and everything else that you could forget.

Don't ever use their own internal directory sharing or whatever they call it.

VMWare is insecure there.

Network sharing is ok when starting from a 100% clean image to set up your VM.

It will disappear when you disable completely the virtual network adapter.

Whatever is in the VM dies there, don't ever transfer anything back to the host pc.

TiGa

Okay, and to backup so I don't have to reinstall window 50+ times just backup the .VDI and when I want to restart just replace the original vdi with the backed up?

Its really simple malware that I want to analyze.

Edited by high6
Link to comment
There is a simple function for making making a copy of the VM.

I didn't see one in sun VirtualBox. I'll look harder.

Link to comment

VirtualBox is a nice and light VM but is a "new born" so it isn't enough Robust (Fault Tollerant), and you

could encounter defects with some devices, such as USB.

Use VMware, and make a Snapshot before beginning the analysis.

Remember also that there are many Mw which implements anti-VM tricks, be aware of that! :)

Regards,

Evilcry

Link to comment

the safest way is to do it on a seperate machine. virtualboxes are not 100% foolproof

Edited by GEEK
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...