Extreme Malware Test Rig

SkyboundSteven

Jun 30, 2014
Hello everyone, SkyboundSteven here.

I recently got a junk computer that I can test whatever I want on.
What malware should I test?

Machine's spec:
Intel Core2 Duo @1.30GHz
2GB RAM
100GB HDD (IDE)
LG-based motherboard
NVIDIA Embedded GT240 / Intel HD Graphics
Completely isolated from the internet
All optional components stripped, leaving only core functions intact
Runs Windows XP SP3 (2013-08-19) 32-bit
Unprotected (all AV programs are removed and/or put into sleep mode, for retrovirus testing)

Separate backup disk available (automatically disconnects when testing)
CMOS Flash disabled (safe switch shorted)
BIOS Automatic Recovery

Please post links to the MalwareTips Virus Exchange posts for the samples you want tested (FinFisher, Cryptolocker, Yersinia, etc.).
...Or, you can upload the sample there and send me a PM.

External links should follow this format:
"hxxp://your_link_here.com"
How will you restore the system to a clean state? (Please explain the method.)

When you test the samples, what will you record or log? How will keyloggers, or other identity-stealing malware, be tested? Will you be able to recover your system from ransomware with or without using third-party tools?
 
How will you restore the system to a clean state? (Please explain the method.)

When you test the samples, what will you record or log? How will keyloggers, or other identity-stealing malware, be tested? Will you be able to recover your system from ransomware with or without using third-party tools?

I use EaseUS Disk Recovery (with an exact copy of the system kept on a separate disk).
I will analyze what changes were made to the system by comparing it to the exact copy of the disk taken before testing, then clean it up by overwriting the entire system with the backup.

I am planning to use:
Process dumper
Linux postmortem
Keylogger catcher
Packet analysis (using a router connected to nothing)

If you can help, please do.
I am still a novice!
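One way to carry out the before/after disk comparison described in the post above, as an added example that is not the poster's code: hash every file under the clean baseline into a manifest, build a second manifest after the sample has run, and diff the two. The paths and the sample tree are hypothetical and are constructed inside a temporary directory.

```python
# Added example, not code from the thread: hash every file before and after a
# run and diff the two manifests. Paths are hypothetical; demo() builds a tree.
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's root-relative path to (size, sha256)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:  # chunked so big binaries fit
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (os.path.getsize(full), h.hexdigest())
    return manifest


def diff_manifests(before, after):
    """Report paths added, removed and modified between two manifests."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def _write(root, rel, text, mode="w"):
    """Create (or append to) a file under root, making parent dirs."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(text)


def demo():
    """Constructed sample: baseline tree, then a run that adds, edits, deletes."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "Windows/System32/drivers/etc/hosts", "127.0.0.1 localhost\n")
        _write(root, "Documents/notes.txt", "clean baseline\n")
        before = build_manifest(root)
        _write(root, "Windows/System32/drivers/etc/hosts", "0.0.0.0 example.test\n", "a")
        _write(root, "Windows/Temp/dropped.exe", "MZ placeholder\n")
        os.remove(os.path.join(root, "Documents/notes.txt"))
        return diff_manifests(before, build_manifest(root))
```

On the real rig the first manifest would be built from the backup copy and the second from the test disk after the run. This only covers file contents, so registry, service and autorun changes need a separate comparison.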
 
What for?

What are you going to check or test?

It's pointless - the destruction of the operating system :D

Use Win95 :p
XP isn't actual ;)
Welcome to Malware Hub

It divides into three categories:
1. Just for fun.
2. Research.
3. To find out what it does and how to prevent it from happening.

Testing retrovirus-type malware which disables AV software.

Sadly, the drivers for my equipment are not compatible with Windows 95/98/2000/ME/NT (anything before XP).
 
If you have any suggestions or tutorials for analysis, please put all of them here. I want to get bombarded with information!
 
Using a simple virtual machine can really save you a lot of trouble. I use Windows XP SP3 in VirtualBox with almost default settings. I shall never be infected by malware, because VM exploits are rare and are really not worth it.

Make sure to protect your flash drive and CD when you plug them in. The result will not be sane when you realize the disk, too, is infected by ransomware. May I ask about your computer science knowledge?
  1. Programmer (including debugging and reverse-engineering).
  2. Advanced user (not a programmer, but knows a lot about AVs, knows the intermediate things about Windows and knows basic computer-engineering aspects).
  3. Enthusiast (Knows more than an average user. Willing to learn more)
  4. Adept
  5. Novice.
  6. Beginner.
 
Using a simple virtual machine can really save you a lot of trouble. I use Windows XP SP3 in VirtualBox with almost default settings. I shall never be infected by malware, because VM exploits are rare and are really not worth it.

Make sure to protect your flash drive and CD when you plug them in. The result will not be sane when you realize the disk, too, is infected by ransomware. May I ask about your computer science knowledge?
  1. Programmer (including debugging and reverse-engineering).
  2. Advanced user (not a programmer, but knows a lot about AVs, knows the intermediate things about Windows and knows basic computer-engineering aspects).
  3. Enthusiast (Knows more than an average user. Willing to learn more)
  4. Adept
  5. Novice.
  6. Beginner.
3. Enthusiast.
I can disassemble the PE, but I can't test it or find out what it was programmed in, due to my lack of programming knowledge.