Setting Up REMnux Environment
Tools and Software Setup:
REMnux:
REMnux is a specialized Linux distribution designed for malware analysis.
Version: REMnux v7.
The appliance is available for download from the official REMnux website.
Virtual Machine Guest Tools Installation:
VirtualBox:
Click on Devices in the VirtualBox menu.
Select Insert Guest Additions CD Image.
Run the installer to install the guest tools.
VMware or Other VM Hosting Software:
Check the respective documentation to install the guest tools.
Credentials:
Username: remnux
Password: malware
Post Installation:
Restart the operating system.
Enable Drag and Drop and Clipboard Sharing.
Test these features by dragging and dropping files (e.g., course archives) into a folder.
Extracting Course Files:
Use the 7z command-line tool to extract course files:
Extract the files into the folder RE_nonmalware_samples.
IDA Freeware Installation:
Download the Linux version of IDA Freeware from the Hex-Rays website.
The installation package is a .run file.
Installation Steps:
Open a terminal in the folder where the IDA Freeware was downloaded.
Grant execute permissions to the installer using chmod:
Run the installer to install IDA Free.
Shortcut Configuration:
A shortcut for IDA Free is stored in the Desktop folder.
To make it globally accessible, move the shortcut to the shared applications folder.
Setting Up FakeNet:
FakeNet: A network simulation tool that is useful for analyzing how malware interacts with the network.
Run FakeNet with root privileges using sudo.
Common Issue:
If you encounter an error related to DNS port (Port 53) already being used, the systemd-resolved service might be the cause.
Solution:
Disable the systemd-resolved service:
Edit the Network Manager configuration file (/etc/NetworkManager/NetworkManager.conf):
Add the following line under the [main] section:
Save and exit the editor.
Restart the Network Manager service:
Verification:
Run the lsof command to ensure that Port 53 is free:
FakeNet should now run smoothly.
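Added example (not part of the original notes): lsof -i :53 also lists outbound DNS client sockets, so this script narrows the output to sockets actually bound to local port 53, which are the ones that stop FakeNet's DNS listener from starting. The function names are hypothetical and the sample lsof output is constructed.

```shell
#!/bin/sh
# Added example: check what is bound to port 53 before starting FakeNet.
# Function names are hypothetical; SAMPLE_LSOF is constructed, not captured.

# Constructed sample of `sudo lsof -nP +c 0 -i :53` output
# (+c 0 stops lsof from truncating the COMMAND column).
SAMPLE_LSOF='COMMAND          PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-resolve  612 systemd-resolve   12u  IPv4  21044      0t0  UDP 127.0.0.53:53
systemd-resolve  612 systemd-resolve   13u  IPv4  21045      0t0  TCP 127.0.0.53:53 (LISTEN)
firefox         2210          remnux   88u  IPv4  40112      0t0  UDP 10.0.2.15:41234->10.0.2.3:53'

# Read lsof output on stdin; print "command pid proto" for each socket
# that is bound to local port 53.
port53_holders() {
  awk 'NR > 1 {
    name = $9                            # NAME column: local[->remote]
    if (name ~ /->/) next                # connected socket, not a listener
    if (name !~ /:53$/) next             # local port is not 53
    if ($8 == "TCP" && $10 != "(LISTEN)") next
    print $1, $2, $8
  }' | sort -u
}

# Read lsof output on stdin; return 0 if port 53 is free, 1 otherwise.
fakenet_preflight() {
  p53_holders=$(port53_holders)
  if [ -n "$p53_holders" ]; then
    printf 'port 53 is held by:\n%s\n' "$p53_holders"
    return 1
  fi
  printf 'port 53 is free\n'
}

# Demo on the constructed sample. On the VM, feed it live data instead:
#   sudo lsof -nP +c 0 -i :53 | fakenet_preflight
printf '%s\n' "$SAMPLE_LSOF" | fakenet_preflight || true
```

Run lsof with sudo for the live check; without root it only reports sockets owned by the current user, so a service such as systemd-resolved would not appear.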
Final Step:
Take a snapshot of the VM state, which includes the configured REMnux environment and the course files, to preserve the setup for future analysis.
These notes cover the essential steps to set up the REMnux environment for ELF analysis, including installing necessary tools and configuring network settings for smooth operation.