Help needed to create Virtual Machine for Malware Analysis

Tarun

Level 1
Thread author
Verified
Apr 8, 2015
17
Hello everyone,
I am Tarun. I am new to MalwareTips and I am posting because I need help from you guys in setting up a virtual machine for malware analysis. I have a lot of interest in testing malware, but I read that VMware's settings need to be modified in order to use it for malware testing, or else the host system can be rendered useless, so I request any of you guys to guide me in setting up a machine for malware analysis in VMware.
 
Reactions: AtlBo

Tarun

Level 1
Thread author
Verified
Apr 8, 2015
17
Thanks for your reply, but I want guidance regarding isolation of the VM in VMware for malware analysis...
 
Reactions: AtlBo

ueda

Level 1
Dec 19, 2016
5
I'm using the NAT network configuration and disabling folder sharing to isolate the VM from the host.
 
Reactions: AtlBo

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
I can only share my experience with VirtualBox, but I think the concept is similar for VMware too, and for static or dynamic malware analysis the reasoning does not change.

It is important that the virtualized environment is isolated from the host one, so that even if malware infects the virtual machine, it has no way to attack the real system.
There are situations, however, in which this isolation can be problematic, and then it is necessary to avoid host/guest "clipboard" sharing and the "drag 'n' drop" function.
It is necessary to check that the "shared folders" are turned off or flagged "read-only", to prevent malware accidentally started in the VM from infecting the host.

It is very important to use a VPN connection, because the NAT configuration involves sharing the host IP, so it is necessary to protect our real IP from malware access.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
By default the network configuration is NAT, which isolates the IP address from our host system, so the chance of an infection slipping through is very minimal.

I've done malware testing and no issues occurred. Make sure to monitor things like the shared folder, which must be disabled when malware testing begins to avoid any infections, especially since ransomware can trash everything, including a network that contains crucial files.
 

Tarun

Level 1
Thread author
Verified
Apr 8, 2015
17
Hey guys, I've done this; just tell me if this process can infect my Windows installation.
I've installed Ubuntu 16.04 LTS on my HDD (the same one on which Windows 10 is installed, dual booting).
I've installed VMware Workstation Player on Ubuntu and installed Windows 7 on a virtual machine.
If I start running malware on the virtual machine,
will that affect my Windows 10 installation?
My assumption is NO, because even if malware leaks onto Ubuntu, it fails because no Windows malware can do its trick on Ubuntu.
Let me know if I am wrong, and by the way, both Windows and Ubuntu access the Internet through the same connection.
 
Reactions: AtlBo

ueda

Level 1
Dec 19, 2016
5
Will that affect my Windows 10 installation?
My assumption is NO, because even if malware leaks onto Ubuntu, it fails because no Windows malware can do its trick on Ubuntu.
Let me know if I am wrong, and by the way, both Windows and Ubuntu access the Internet through the same connection.

I think there's no problem. If you mount the Windows file system on Ubuntu, you may unmount it.
 
Reactions: AtlBo

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@Tarun

Not at all, there is a very slim chance of that happening.

Remember that many threats kill themselves when detected in an isolated environment.
 
Reactions: AtlBo
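
The isolation settings named in the replies above (network mode, shared folders, clipboard, drag and drop) can be checked directly in a VMware guest's .vmx file. This is an added example, not part of any post in the thread; the .vmx key names and the treatment of a missing `isolation.tools.*` key as "feature still enabled" are assumptions to verify against your VMware version, and the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content (not taken from the thread).
SAMPLE_VMX = '''\
displayName = "Win7-analysis"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
'''

def parse_vmx(text):
    """Parse key = "value" lines into a dict with lower-cased keys."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_isolation(cfg):
    """Return a sorted list of host/guest isolation gaps found in cfg."""
    def on(name):
        return cfg.get(name, "").lower() == "true"
    findings = []
    for key, val in cfg.items():
        # Only an explicitly bridged adapter is flagged (assumed key name).
        m = re.fullmatch(r"(ethernet\d+)\.connectiontype", key)
        if m and on(m.group(1) + ".present") and val.lower() == "bridged":
            findings.append(f"{m.group(1)}: bridged onto the host LAN")
        # Shared folders: report each enabled one and whether it is writable.
        m = re.fullmatch(r"(sharedfolder\d+)\.present", key)
        if m and val.lower() == "true" and on(m.group(1) + ".enabled"):
            mode = "writable" if on(m.group(1) + ".writeaccess") else "read-only"
            findings.append(f"{m.group(1)}: enabled ({mode})")
    # Assumption: a missing isolation.tools.* key leaves the feature enabled.
    for feature, name in (("clipboard copy", "isolation.tools.copy.disable"),
                          ("clipboard paste", "isolation.tools.paste.disable"),
                          ("drag and drop", "isolation.tools.dnd.disable")):
        if not on(name):
            findings.append(f"{feature}: not disabled ({name})")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_isolation(parse_vmx(SAMPLE_VMX))))
```

Run it against a copy of the guest's .vmx while the VM is powered off; an empty result means none of the checked gaps were found, not that the VM is fully isolated.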
