A Practical Approach to Malware Exploration : Setting up a Dedicated Analysis Lab
Franko, Alex (2024)
Permanent address of the publication:
https://urn.fi/URN:NBN:fi:amk-2024051411535
Abstract
The objective of this study was to design and implement a virtual lab environment for malware analysis. The core of this work involved the construction of a primary Windows VM for main analysis tasks and a secondary Linux VM. This setup provides an isolated, controlled, and secure environment for both static and dynamic malware analysis.
The lab used FlareVM on the Windows VM for host-based analysis and REMnux on the Linux VM for network traffic analysis, with both machines deployed on an isolated virtual network so that samples could not reach the host or the internet. Static analysis involved disassembling binaries and examining data extracted from them (hashes, strings, headers, imports) without execution, while dynamic analysis focused on observing malware behaviour in real time inside the virtual environment.
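The static half of that methodology, examining data extracted from a binary without running it, is easy to show in code. The following is an added example, not code from the thesis or from FlareVM/REMnux: it hashes a sample, pulls printable strings, parses the MZ/PE headers and flags indicators an analyst would pivot on (process-injection APIs, embedded URLs, Windows paths). The `SAMPLE` bytes are a constructed PE-like blob, not a real malware file, and the `SUSPICIOUS_APIS` list and scoring weights are illustrative assumptions.

```python
"""Static triage of a Windows binary without executing it.

Added example (not code from the thesis): file hashes, printable strings,
MZ/PE header parsing and a simple indicator scan. SAMPLE is a constructed
PE-like byte blob, not a real malware file.
"""
import hashlib
import re
import struct
from typing import Dict, List, Optional

# Constructed sample: valid DOS-header pointer, PE signature and COFF header,
# followed by the kind of strings an analyst looks for.
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)  # e_lfanew at 0x3C -> PE header at 0x80
    + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00"
    # COFF header: Machine=i386, 2 sections, no timestamp/symbols,
    # SizeOfOptionalHeader=0xE0, Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    + b"\x00" * 16
    + b"kernel32.dll\x00CreateRemoteThread\x00VirtualAllocEx\x00"
    + b"http://example.invalid/beacon\x00"
    + b"\x01\x02\x03"
    + b"C:\\Users\\Public\\stage2.exe\x00"
)

# Illustrative indicator set (assumption); real triage uses far larger API/YARA lists.
SUSPICIOUS_APIS = {
    "CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
    "SetWindowsHookExA", "IsDebuggerPresent", "URLDownloadToFileA",
}
URL_RE = re.compile(r"https?://[\w.\-/]+")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 for lookup in threat-intel sources and sandboxes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Printable ASCII runs of at least min_len bytes, in file order."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def parse_pe_header(data: bytes) -> Optional[Dict[str, object]]:
    """Return COFF header fields, or None if the data is not an MZ/PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsec, ts, _symtab, _nsyms, _optsize, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": machine,
        "sections": nsec,
        "timestamp": ts,
        "characteristics": chars,
        "is_dll": bool(chars & 0x2000),  # IMAGE_FILE_DLL
    }


def triage(data: bytes) -> Dict[str, object]:
    """Combine the static checks into one report for the analyst."""
    strings = extract_strings(data)
    apis = sorted(s for s in set(strings) if s in SUSPICIOUS_APIS)
    urls = [s for s in strings if URL_RE.search(s)]
    paths = [s for s in strings if WIN_PATH_RE.match(s)]
    return {
        "hashes": file_hashes(data),
        "pe": parse_pe_header(data),
        "string_count": len(strings),
        "suspicious_apis": apis,
        "urls": urls,
        "paths": paths,
        # Crude priority score (assumption): injection APIs weigh more than URLs/paths.
        "score": 2 * len(apis) + len(urls) + len(paths),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

Run it inside the analysis VM, never on the host, and treat the report as a starting point for the disassembler rather than a verdict: packed or obfuscated samples hide their imports and strings until unpacked, which is exactly where the dynamic half of the lab takes over.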
Analysis of both custom-made and real-world malware samples demonstrated the effectiveness of the lab and its capability to dissect various types of samples. The results showed that the lab environment can realistically simulate the conditions malware expects, allowing efficient analysis of its behaviour without risk to external systems.
In conclusion, the study confirms the effectiveness of the lab environment for malware analysis. The lab not only supports advanced analysis tasks but also serves as a replicable model for cybersecurity education.