Setting Up REMnux Environment

Tools and Software Setup:

  1. REMnux:

    • REMnux is a specialized Linux distribution designed for malware analysis.

    • Version: REMnux v7.

    • The appliance is available for download from the official REMnux website.

  2. Virtual Machine Guest Tools Installation:

    • VirtualBox:

      • Click on Devices in the VirtualBox menu.

      • Select Insert Guest Additions CD Image.

      • Run the installer to install the guest tools.

    • VMware or Other VM Hosting Software:

      • Check the respective documentation to install the guest tools.

    • Credentials:

      • Username: remnux

      • Password: malware

    • Post Installation:

      • Restart the operating system.

      • Enable Drag and Drop and Clipboard Sharing.

      • Test these features by dragging and dropping files (e.g., course archives) into a folder.

  3. Extracting Course Files:

    • Use the 7z command-line tool to extract course files:

      7z e re_nonmalware_samples.7z -oRE_nonmalware_samples

    • Extract the files into the folder RE_nonmalware_samples.

  4. IDA Freeware Installation:

    • Download the Linux version of IDA Freeware from the Hex-Rays website.

    • The installation package is a .run file.

    • Installation Steps:

      • Open a terminal in the folder where the IDA Freeware was downloaded.

      • Grant execute permissions to the installer using chmod:

        chmod +x idafree.run

      • Run the installer to install IDA Free.

    • Shortcut Configuration:

      • A shortcut for IDA Free is stored in the Desktop folder.

      • To make it globally accessible, move the shortcut to the shared applications folder.

  5. Setting Up FakeNet:

    • FakeNet: A network simulation tool that answers a sample's network requests locally, which is useful for analyzing how malware interacts with the network without letting that traffic reach real infrastructure.

    • Run FakeNet with root privileges using sudo.

    • Common Issue:

      • If FakeNet reports that the DNS port (port 53) is already in use, the systemd-resolved stub resolver, which listens on that port by default, is the likely cause.

    • Solution:

      • Disable the systemd-resolved service:

        sudo systemctl stop systemd-resolved
        sudo systemctl disable systemd-resolved

      • Edit the Network Manager configuration file (/etc/NetworkManager/NetworkManager.conf):

        • Add the following line under the [main] section:

          dns=default

        • Save and exit the editor.

      • Restart the Network Manager service:

        sudo systemctl restart NetworkManager

    • Verification:

      • Run the lsof command to ensure that Port 53 is free:

        sudo lsof -i :53

      • FakeNet should now run smoothly.

  6. Final Step:

    • Take a snapshot of the VM state, which includes the configured REMnux environment and the course files, to preserve the setup for future analysis.
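The port-53 fix from step 5, written here as a re-runnable shell script. This is an added example, not part of the course notes or of the REMnux or FakeNet projects. It assumes the file path the notes give (/etc/NetworkManager/NetworkManager.conf), that lsof and systemctl are available as on REMnux, and that the --apply run happens as root; the config edit is done with awk so that an existing dns= line in [main] is replaced rather than duplicated, and a file without a [main] section gets one appended.

```shell
#!/bin/sh
# Added example (not from the course notes): scripted version of the
# "port 53 already in use" fix for FakeNet on REMnux.
# Assumed path, taken from the notes:
NM_CONF="/etc/NetworkManager/NetworkManager.conf"

# Print whatever is listening on port 53; empty output means the port is free.
# lsof only shows other users' sockets when run as root.
port53_listeners() {
    lsof -nP -i :53 2>/dev/null
}

# Ensure "dns=default" is set in the [main] section of a NetworkManager config.
# Idempotent: any existing dns= line inside [main] is dropped in favour of the
# one inserted directly under the section header; a file with no [main]
# section gets one appended at the end.
set_nm_dns_default() {
    conf="$1"
    tmp="${conf}.tmp.$$"
    awk '
        /^\[main\]/ { seen_main = 1; in_main = 1; print; print "dns=default"; next }
        /^\[/       { in_main = 0; print; next }          # any other section header
        in_main && /^[ \t]*dns[ \t]*=/ { next }           # old dns= in [main]: drop it
                    { print }
        END { if (!seen_main) { print "[main]"; print "dns=default" } }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# The full procedure from the notes: stop and disable the stub resolver, hand
# DNS back to NetworkManager, restart it, then verify port 53 is free.
fix_fakenet_dns() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root, e.g.: sudo sh $0 --apply" >&2
        return 1
    fi
    if [ -z "$(port53_listeners)" ]; then
        echo "port 53 is already free; nothing to do"
        return 0
    fi
    echo "port 53 is currently held by:"
    port53_listeners
    systemctl stop systemd-resolved
    systemctl disable systemd-resolved
    cp "$NM_CONF" "$NM_CONF.bak"          # keep the original for rollback
    set_nm_dns_default "$NM_CONF"
    systemctl restart NetworkManager
    sleep 2                               # give NetworkManager a moment to settle
    if [ -n "$(port53_listeners)" ]; then
        echo "port 53 is still in use:" >&2
        port53_listeners >&2
        return 1
    fi
    echo "port 53 is free; FakeNet can now bind its DNS listener"
}

# Only touch the system when explicitly asked, so the file can be sourced
# or tested without side effects.
if [ "${1:-}" = "--apply" ]; then
    fix_fakenet_dns
fi
```

Run it as `sudo sh fix_fakenet_dns.sh --apply`; the original NetworkManager.conf is kept as NetworkManager.conf.bak so the change can be reverted by restoring it and re-enabling systemd-resolved.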

These notes cover the essential steps to set up the REMnux environment for ELF analysis, including installing necessary tools and configuring network settings for smooth operation.
