Published on June 8th, 2015


Reverse Engineering Malicious Software: REMnux Distro

REMnux v6 – A Linux Toolkit for Reverse-Engineering and Analyzing Malware – has been released. REMnux v6 updates the tools that were present in the earlier revisions of the distro and introduces several new ones. Moreover, it implements major architectural changes behind the scenes to allow REMnux users to easily apply future updates without having to download the full REMnux environment from scratch.

REMnux is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locate or set up.


The heart of the project is the REMnux Linux distribution based on Ubuntu. This lightweight distro incorporates many tools for analyzing Windows and Linux malware, examining browser-based threats such as obfuscated JavaScript, exploring suspicious document files and taking apart other malicious artifacts. Investigators can also use the distro to intercept suspicious network traffic in an isolated lab when performing behavioral malware analysis.


Download and Install the REMnux Distro

The simplest way to get the REMnux distro is to download the REMnux virtual appliance file in the OVA format, then import it into your favorite virtualization application. After starting the resulting virtual machine, run the “update-remnux full” command to update its software.

Alternatively, you can add the REMnux distro to an existing physical or virtual system running a compatible version of Ubuntu, including SIFT Workstation. You can accomplish this by running the REMnux installation script on the system, as explained in the documentation.


Malware Analysis Tools Installed on REMnux

The REMnux distribution includes many free tools useful for examining malicious software. These utilities are set up and tested to make it easier for you to perform malware analysis tasks without needing to figure out how to install them. The tools installed on REMnux can help you:

  • Examine browser malware
  • Analyze malicious document files
  • Extract and decode suspicious artifacts
  • Handle laboratory network interactions
  • Review multiple malware samples
  • Examine properties and contents of suspicious files
  • Investigate Linux and Windows malware
  • Perform memory forensics

For a full listing of the malware analysis tools installed on the REMnux distro, see the REMnux tools catalog.


Docker Images for Malware Analysis Tools

One aspect of the REMnux project involves providing Docker images of popular malware analysis tools, with the goal of allowing investigators to conveniently utilize difficult-to-install applications without having to install the REMnux distro. Such images could be compared to lightweight virtual machines; though they don’t offer the same level of isolation as real VMs, they provide a container within which the application can be encapsulated along with its dependencies.

For more information about this initiative, see REMnux documentation related to Docker Images for Malware Analysis.
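Because a container gives weaker isolation than a real VM, it is worth narrowing what an analysis-tool container can reach before pointing it at a sample. The wrapper below is an added example, not code from the REMnux project: it runs an arbitrary analysis image (the image name and sample directory are placeholders) with no network, a read-only root filesystem, dropped capabilities and a read-only mount of the samples directory.

```shell
#!/bin/sh
# Added example (not part of REMnux): launch a malware-analysis tool
# container with the isolation Docker itself can provide.
#
# run_analysis SAMPLE_DIR IMAGE [TOOL_ARGS...]
#   SAMPLE_DIR  host directory holding the samples (mounted read-only)
#   IMAGE       analysis-tool image, e.g. a placeholder/analysis-tool
#   TOOL_ARGS   passed through to the tool's entrypoint
# The docker binary can be overridden with DOCKER (DOCKER=echo prints the
# command instead of running it, which is how the example is checked).
run_analysis() {
    sample_dir="$1"; image="$2"; shift 2
    if [ ! -d "$sample_dir" ]; then
        printf 'run_analysis: sample directory %s does not exist\n' "$sample_dir" >&2
        return 2
    fi
    "${DOCKER:-docker}" run --rm -i \
        --network none \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit 256 \
        --memory 1g \
        --user 65534:65534 \
        -v "$sample_dir:/samples:ro" \
        "$image" "$@"
    # --network none           : tool cannot talk to the lab network or beyond
    # --read-only + --tmpfs    : only /tmp is writable, and nothing there executes
    # --cap-drop ALL           : no Linux capabilities even if the tool is abused
    # no-new-privileges        : setuid binaries in the image cannot raise privileges
    # --pids-limit / --memory  : bound a runaway tool (or a sample it executes)
    # --user 65534:65534       : run as an unprivileged uid inside the container
    # -v ...:/samples:ro       : samples are visible but cannot be altered
}
```

Invoke it as `run_analysis /path/to/samples placeholder/analysis-tool /samples/suspect.bin`; the sample directory must exist on the host or the function returns before touching Docker.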


Source && Download
