Malware Analysis

Notes based on 0xf0x YouTube Channel

How to build Malware Lab

Various Virtual machines with 2GB of memory

• Windows 7

• Windows 10

• REMnux

Internal network

• Host only!

Useful tools on Windows boxes

• Process Hacker

• pestudio

• procmon

• procdot

• hxd

• wireshark

• autoruns

• Fiddler

• web browsers

After setup create a snapshot (of a clean machine)

Examples

Emotet

https://unit42.paloaltonetworks.com/wireshark-tutorial-emotet-infection/unit42.paloaltonetworks.com

Resources

Neil FoxYouTube

How to Successfully Pursue a Career in Malware AnalysisThe Hacker News