Tools for Malware Analysis

As there is a running campaign to send malware by mail disguised as invoices or price enquiries, I’d like to have some clue about what that malware is supposed to do.

I will update this article with what I learn about the process of analysing and reverse engineering malware.

The first step is to list the tools and the practices for handling malware securely.

Regarding malware handling, I recall that you should handle it in a virtual environment, but I’d like to read more about it before I attempt anything along those lines.

Step 1 – the tools

Virtual machine:

Oracle VM VirtualBox

OS:

REMnux

This is an OS distribution for analysing both Windows and Linux malware. The distro is based on Ubuntu.

https://remnux.org/

Online courses: https://www.sans.org/ ($7000,00)

Tools for Linux malware only:

Automating Linux Malware analysis using Limon sandbox:

https://www.blackhat.com/docs/eu-15/materials/eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox-wp.pdf

Create and hold your private key securely.

The most secure way to create and hold your private key is to do so on an encrypted drive. That way only you have access to the data, even if the drive is lost or stolen.

Why is creating a private key directly on an encrypted drive more secure?

If you store your private key on an unencrypted drive, keep in mind that even after you delete the key from the drive, the data can still be recovered with data recovery tools. The only way to make sure the data is not accessible after you erase it is to write zeros over the whole drive, which means you will lose all other data stored on that drive in the process.

That is the main reason why you should create your private key directly on an encrypted drive and not move it around. Backups of the key should also be held on an encrypted drive.

To generate your SSL key pair, download and install OpenSSL.

Generating a self-signed certificate:

On a Windows machine, after installing and setting up OpenSSL:

Run cmd.

cd C:\OpenSSL-Win32\bin

Change the path after the cd command to your OpenSSL installation path.

openssl genrsa -des3 -out server.key 4096
enter pass phrase for server.key:

Important: enter a password here; nothing will be displayed on screen, and you will be asked to confirm it. This password will be needed again in the next step.

openssl req -config C:\OpenSSL-Win32\bin\cnf\openssl.cnf -new -key server.key -out server.csr 
enter pass phrase for server.key:

This is the pass phrase you created at the previous step.

Important: leave the challenge password blank; VirtueMart won’t be able to validate the certificate if anything is entered as the challenge password. Leave it blank.

Generate certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 

For a 2048-bit certificate, the first line becomes:

openssl genrsa -des3 -out server.key 2048
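The three steps above as a script, added here as an example that is not part of the original post: it runs the same OpenSSL commands non-interactively in a scratch directory (assumes POSIX sh and the openssl CLI on PATH; the passphrase and the certificate subject are passed on the command line instead of being typed at the prompts, and the subject name is a constructed placeholder), and adds the checks worth doing afterwards: that the key file really is stored encrypted, and that the certificate's public key matches the private key.

```shell
#!/bin/sh
# Added example, not the original post's commands verbatim: the same genrsa / req / x509
# sequence, scripted. Assumes POSIX sh and the openssl CLI; the passphrase comes from
# an argument rather than the interactive "Enter pass phrase" prompt.
set -eu

# Generate an encrypted key, a CSR and a self-signed cert inside directory $1.
# $2 = key length in bits (4096 or 2048 as in the post), $3 = key passphrase.
make_selfsigned() {
    dir=$1; bits=$2; pass=$3
    mkdir -p "$dir"
    # Step 1: private key, 3DES-encrypted under the passphrase (-passout replaces the prompt).
    openssl genrsa -des3 -passout "pass:$pass" -out "$dir/server.key" "$bits" 2>/dev/null
    chmod 600 "$dir/server.key"   # key file readable by its owner only
    # Step 2: CSR. -subj/-batch answer the prompts, so no challenge password is set,
    # which is exactly what the post requires. "/CN=example.test" is a constructed subject.
    openssl req -new -batch -key "$dir/server.key" -passin "pass:$pass" \
        -subj "/CN=example.test/O=Example" -out "$dir/server.csr"
    # Step 3: self-sign the CSR with the same key, valid for 365 days.
    openssl x509 -req -days 365 -in "$dir/server.csr" -signkey "$dir/server.key" \
        -passin "pass:$pass" -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if the key file on disk is stored encrypted (its PEM header says ENCRYPTED).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Succeeds only if the passphrase unlocks the key AND the certificate carries that key's
# public half: both are exported as PEM SubjectPublicKeyInfo and their digests compared.
cert_matches_key() {
    dir=$1; pass=$2
    k=$(openssl rsa -in "$dir/server.key" -passin "pass:$pass" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$dir/server.crt" -pubkey -noout | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the RSA key length (in bits) recorded in the certificate, e.g. 2048.
cert_key_bits() {
    openssl x509 -in "$1/server.crt" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}
```

With a wrong passphrase cert_matches_key fails, which is the quickest way to confirm that a restored backup key is both intact and the one the certificate was issued for.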