Ecosyste.ms: Awesome


https://github.com/LaurieWired/linux_malware_analysis_container

Docker container for quickly analyzing Linux malware

README

# Linux Malware Analysis Container

[![Follow @lauriewired](https://img.shields.io/twitter/follow/lauriewired?style=social)](https://twitter.com/lauriewired)

# Description
Quickly build a lightweight Docker container to bundle tools for dynamic Linux malware analysis.

When dynamically analyzing malware, it is important to properly isolate the analysis environment from the host machine. To do this, you need to have a dedicated machine for your malware analysis. This container is designed to be run from within your malware analysis machine to bundle and pre-install common Reverse Engineering tools. It also provides an easy mechanism to quickly reset container state for samples requiring repetitive analysis.

> :exclamation: Important! Only run this from within a secure malware analysis environment! Many Docker container escapes exist in the wild.

## Example Use-Cases
- Case 1: Resetting directories for ransomware analysis without having to fully revert the entire host upon each execution of the malware
- Case 2: Bundling Reverse Engineering tools to share between malware analysis machines that might be lacking dependencies

![docker_linux](https://github.com/LaurieWired/linux_malware_analysis_container/assets/123765654/ac6e839a-c07a-4d4c-b567-b0edcca9a4f1)

# Usage

## Running
Simply run the bash script to build and start the Docker container. Pass any files you would like copied to the container as command line arguments:

```
linux_malware_analysis_container.sh MY_FILE_1 MY_FILE_2
```

This will build and start the Docker container and copy the target files into the container at `/home/app`. Once built, it opens an interactive shell where you can begin your analysis process. The container is based on Ubuntu, meaning that the interactive shell will accept standard Linux commands and be able to dynamically run ELF binaries. The following list contains suggested commands for common Reverse Engineering tasks. These tools come pre-installed in the container along with many more:

- strace
- strings
- gdb
- objdump
- file

## Removing
Once you have completed your analysis, enter `exit` at the prompt. This will automatically kill and remove the container.
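The following is an added example of a wrapper with the same lifecycle as the one described in the Running and Removing sections (build the image, copy the samples into `/home/app`, open an interactive shell, remove the container when that shell exits). It is not the project's own `linux_malware_analysis_container.sh`. It adds `docker create`/`run` options that shrink what a sample can reach from inside the container, which matters given the warning above that container escapes exist. The image tag `lma-sandbox`, the container name `lma-session`, a Dockerfile in the current directory, and the existence of `/home/app` inside the image are all assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's linux_malware_analysis_container.sh.
# Assumptions: a Dockerfile in the current directory, the hypothetical image
# tag "lma-sandbox", the made-up container name "lma-session", and an image
# that already contains the /home/app directory named in the README.
set -eu

IMAGE="${IMAGE:-lma-sandbox}"   # hypothetical image tag
DEST="/home/app"                # destination directory named in the README

# Accept only regular files as samples and print the absolute path of each.
# Returns 1 at the first argument that is not a regular file.
validate_samples() {
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "refusing '$f': not a regular file" >&2
            return 1
        fi
        printf '%s\n' "$(cd "$(dirname "$f")" && pwd)/$(basename "$f")"
    done
}

# Options for docker create/run that limit a sample's reach. They do not
# prevent a container escape, but they remove the usual footholds: network
# access, Linux capabilities, privilege gain through setuid binaries, and
# unbounded process and memory use.
hardened_opts() {
    printf '%s' "--network none --cap-drop ALL --security-opt no-new-privileges --pids-limit 256 --memory 1g"
}

# One analysis session. Leaving the shell returns here and the container is
# removed, matching the README's "exit kills and removes" step.
main() {
    samples=$(validate_samples "$@")
    docker build -t "$IMAGE" .
    # Word-splitting of the option string is intended here.
    cid=$(docker create -it $(hardened_opts) --name lma-session "$IMAGE" /bin/bash)
    # docker cp works on a created, not yet started, container.
    printf '%s\n' "$samples" | while IFS= read -r s; do
        docker cp "$s" "$cid:$DEST/"
    done
    docker start -ai "$cid" || true   # interactive shell; returns when you type exit
    docker rm -f "$cid"
}

# Run only when sample paths are given; with no arguments the script just
# defines the functions above.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Usage mirrors the project's script: `./wrapper.sh sample1.elf sample2.elf`. The sample copies inside the container can be modified or encrypted freely during analysis, and a fresh run restores them, which is the reset behaviour the use cases above rely on.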