Thursday, March 15, 2018

Malware Research Lab software installation ideas

Windows Lab Setup
----------------------------
0.) Microsoft Office was installed & licensed
1.) download & install Chrome
2.) download & install Notepad++
3.) download the Notepad++ JSTool plugin & add it to the plugin folder
4.) download the Notepad++ Compare plugin & add it to the plugin folder
5.) download & install 7-Zip
6.) download & install Adobe Reader
7.) download & install Adobe Flash
8.) download & install Java
9.) download & install Python 2
10.) download & install Python 3
11.) download & install Process Hacker
12.) download & install Wireshark & WinPcap
13.) download & install Move Mouse (and .NET 3.5 if necessary)
14.) download pestudio
15.) download procmon (live.sysinternals.com)
16.) download Regshot
17.) change folder options to "show hidden files"
18.) change folder options to "show known file extensions"
19.) download PEiD
20.) download DIE (Detect It Easy)
21.) download ProcDOT, Graphviz & WinDump
22.) disable Windows Defender
23.) disable Windows Firewall
24.) download OfficeMalScanner
25.) download the Python scripts below and create batch script wrappers so files can be dragged & dropped onto them
    olevba.py, rtfobj.py (python2 -m pip install oletools)
    oledump.py
    rtfdump.py
    pdf-parser.py
    peepdf.py
    pdfid.py
    shellcode2exe.py
    base64dump.py
26.) download xorsearch.exe
27.) download scdbg.exe
28.) download jmp2it.exe
29.) download punbup.exe
30.) download lnk_parser_cmd.exe
31.) API Monitor
32.) x64dbg
33.) HxD
34.) Process Explorer
35.) PE-bear
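
One way to build the drag-and-drop batch wrappers from step 25, as an added example that is not part of the original post. It assumes "python2" is on PATH and oletools was installed with the pip command given above; each file dropped onto the .bat gets its own olevba report written next to it.

```batch
@echo off
rem Added example (not from the original post): drag-and-drop wrapper for olevba.
rem Assumptions: "python2" is on PATH and oletools was installed with
rem "python2 -m pip install oletools" (step 25). Dropping one or more files
rem onto this .bat passes their full paths as %1, %2, ...
setlocal

if "%~1"=="" (
    echo Drag one or more Office documents onto this script to run olevba.
    pause
    exit /b 1
)

:next
if "%~1"=="" goto done

rem %~1 strips any surrounding quotes; %~dpn1 is drive+path+name without
rem extension, so the report lands next to the sample as <name>.olevba.txt.
set "SAMPLE=%~1"
set "REPORT=%~dpn1.olevba.txt"

echo [olevba] "%SAMPLE%"
python2 -m oletools.olevba "%SAMPLE%" > "%REPORT%" 2>&1
echo     exit code %ERRORLEVEL%, report: "%REPORT%"

shift
goto next

:done
rem Keep the console open so results stay visible after a drag-and-drop run.
pause
endlocal
```

The same wrapper serves the other scripts in the list by swapping the command line (for example `python2 oledump.py "%SAMPLE%"` with the script in the same folder, referenced via `%~dp0oledump.py`).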

XX.) Rename the commonly used tools (Process Explorer, Process Hacker, Wireshark, etc.), since some malware checks for those executable names to detect an analysis environment
XX.) Restart the virtual machine
XX.) Snapshot the virtual machine
