Downloading the malware samples - Malware Analysis / Reverse Engineering Course


This topic contains 14 replies, has 10 voices, and was last updated by  originative 9 months, 2 weeks ago.

#39296

    raks
    Participant

In the first dynamic analysis sample, “Dyer”, I observed that the malware was downloaded to the local host (“Windows 7”) and then copied to “Win XP”.

The question is: is it safe to download these malware samples directly to the local host, and how can they be downloaded securely?

Also, if you have an antivirus installed, it will detect these samples and block them from downloading.

    thank you so much for the valuable course.

    #39436

    OPsecJ
    Participant

You would want to download the files on a machine that does not have an antivirus, as, like you said, they will get deleted. As for downloading the files to any machine... just download them and don't run them. Unless you're going to a webpage that exploits a browser vulnerability, just downloading malware won't do anything (if you don't run it). If you're going to get into malware analysis, you will be working with live malware all the time on different machines.

Now, if you want to send malware between yourself and other researchers, it's standard practice to compress it with zip/rar/7zip, password-protecting the file with the password: infected
^ This is an industry standard that we all follow. If one malware researcher sends a file to another, “infected” is always the first password they try to decrypt/decompress the file with.
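The exchange described in the post above, worked as an added example that is not code from the thread or from the course: the sending side packs a sample into a ZIP whose entry is protected with the conventional password “infected”, and the receiving side tries the conventional passwords before asking the sender. The archive layout and key arithmetic are the public PKWARE “traditional” ZipCrypto scheme, which is what `zip -P` and most archivers produce for a .zip unless AES is explicitly selected. The function names, the candidate password list, the fixed timestamp and the sample bytes are assumptions made for this example; the sample is a constructed stand-in, not a real binary.

```python
"""Pack a sample with the conventional "infected" password and open it
on the receiving side. Added example: not code from the original thread.
Archive layout and key updates follow the public PKWARE APPNOTE ZipCrypto
algorithm; names, candidate list and sample bytes are assumptions."""
import io
import os
import struct
import zipfile
import zlib

# Constructed stand-in for a sample: a fake MZ header plus text. Not malware.
SAMPLE = b"MZ\x90\x00" + b"constructed stand-in for a sample, not a real binary\n"

# Assumed order in which a receiver tries passwords before asking the sender.
CONVENTIONAL_PASSWORDS = (b"infected", b"malware")


def _crc_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC_TABLE = _crc_table()


class ZipCryptoEncryptor:
    """PKWARE traditional encryption: three 32-bit keys seeded by the password,
    advanced by one CRC-32 step and one LCG step per plaintext byte."""

    def __init__(self, pwd: bytes) -> None:
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in pwd:
            self._update(b)

    def _update(self, b: int) -> None:
        self.k0 = _CRC_TABLE[(self.k0 ^ b) & 0xFF] ^ (self.k0 >> 8)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _CRC_TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF] ^ (self.k2 >> 8)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            t = self.k2 | 2
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(p)          # keystream depends on the plaintext so far
        return bytes(out)


def make_infected_zip(name: str, sample: bytes, pwd: bytes = b"infected") -> bytes:
    """Sender: return a single-entry ZIP (stored, ZipCrypto-encrypted) as bytes."""
    crc = zlib.crc32(sample) & 0xFFFFFFFF
    enc = ZipCryptoEncryptor(pwd)
    # 12-byte encryption header: 11 random bytes, then the CRC's high byte.
    # Extractors decrypt this header first and use that byte to reject a
    # wrong password before touching the payload.
    body = enc.encrypt(os.urandom(11) + bytes([crc >> 24])) + enc.encrypt(sample)
    fname = name.encode("ascii")
    flags, method = 0x0001, zipfile.ZIP_STORED        # bit 0: entry is encrypted
    dos_time, dos_date = 0, ((2024 - 1980) << 9) | (1 << 5) | 1   # assumed 2024-01-01
    local = struct.pack("<4sBBHHHHIIIHH", b"PK\x03\x04", 20, 0, flags, method,
                        dos_time, dos_date, crc, len(body), len(sample),
                        len(fname), 0) + fname
    central = struct.pack("<4sBBBBHHHHIIIHHHHHII", b"PK\x01\x02", 20, 0, 20, 0,
                          flags, method, dos_time, dos_date, crc, len(body),
                          len(sample), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, 1, 1,
                       len(central), len(local) + len(body), 0)
    return local + body + central + eocd


def open_with_convention(archive: bytes, name: str,
                         candidates=CONVENTIONAL_PASSWORDS):
    """Receiver: try the conventional passwords in order; return (password, data)."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for pwd in candidates:
            try:
                return pwd, zf.read(name, pwd=pwd)
            except RuntimeError:         # "Bad password": check byte mismatch
                continue
            except zipfile.BadZipFile:   # 1-in-256 false pass of the check byte,
                continue                 # caught by the CRC-32 on the payload
    raise ValueError("no conventional password opened %r; ask the sender" % name)


if __name__ == "__main__":
    archive = make_infected_zip("sample.bin", SAMPLE)
    pwd, data = open_with_convention(archive, "sample.bin")
    print("opened with", pwd.decode(), "-", len(data), "bytes recovered")
```

Two caveats a practitioner would want alongside the convention. First, ZipCrypto is not confidentiality: the password is public by design and the cipher itself has a known-plaintext weakness, so the archive only stops scanners and an accidental double-click from touching the sample in transit, nothing more. Second, the wrong-password check is a single byte, which is why the receiver above also tolerates a `BadZipFile` from the CRC check rather than treating the first rejection as definitive.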

    #39572

    raks
    Participant

    Thanks a lot for the information 🙂

    #39718

    oadominguez
    Participant

You can also zip/tar/rar your malware samples with a password (encrypted) to keep them safe on your machines; then you can copy them to your sandboxing machine and work with the sample.

Another thing you can do is “whitelist” a folder on your machine so your AV solution will not delete it.

    #39957

    OPsecJ
    Participant

^ Yup, I do recommend you whitelist a random folder, c:\malwarestuff\*, so you can even look at things without your AV deleting them. It's a pita when you are looking at a zero day and the next day you come back to work and see the AV picked it up. Also, if you're trying to compare/contrast one piece of malware against another, most of the time (you would hope) your AV will pick it up... so it will keep deleting it when you copy it to your working machine.

It's best to have an isolated test network, but also have a working machine on that network that you are “trying to keep clean” but isn't your main machine that you go to your banking sites etc. on.

    #40066

    Chambo
    Participant

    Thanks for the good tips @opsecj and @oadominguez
– I was zipping but not using a standard password each time 🙂

    #40168

    raks
    Participant

    Many thanks for the valuable comments 🙂

    #40203

    cybermo
    Participant

    Thanks.

    #40916

    812teck
    Participant

    I use the suggestions listed and a portable hard drive or usb stick…

    #65006

    Marcus.Flynn
    Participant

Weird question... Is there any alternative way to get malware samples other than downloading them? I am curious to know if I can get a USB stick or a CD with the malware sample.

    #65031

    OPsecJ
    Participant

^ Sure, there are plenty of ways to get USB sticks with malware on them. Just come by Vegas in 3 weeks for Black Hat or DEF CON, lol. You're not gonna know there is malware on them, but that sounds like what you're asking, ha.

    #78517

    shubham00
    Participant

Sir, from where do I get malware samples?

    #89101

    cybermo
    Participant

    ,?

    #92822

    s3crafcp
    Participant

    Hi shubham00,

    You can download malware samples from http://contagiodump.blogspot.com/

    This is description about this site:

    Contagio is a collection of the latest malware samples, threats, observations, and analyses. Note: Zip files passwords: Contact me via email (see my profile) for the passwords or the password scheme. If you see errors, typos, etc, please let me know.

    Malware samples are available for download by any responsible whitehat researcher. By downloading the samples, anyone waives all rights to claim punitive, incidental and consequential damages resulting from mishandling or self-infection.

    #176861

    originative
    Participant

You can download free malware samples for analysis from here: Download Free Malware Samples
