REMnux on Azure
REMnux, the Linux toolkit for malware analysis, plays the same role for reverse engineering that Kali Linux plays for digital forensics and penetration testing.
REMnux is a lightweight Ubuntu-based Linux distribution purpose-built for reverse-engineering and analyzing malware. It bundles a wide range of tools and libraries that an analyst needs for effective malware analysis.
Forensic investigators and incident responders can use this toolkit to analyze Windows and Linux malware, browser-based threats, and suspicious files.
REMnux Highlights and Features
- Tools for static file analysis, such as pestr, pyew, and readpe
- Tools for binary analysis, including YARA, vivbin, and wxHexEditor
- Rekall and Volatility for analyzing memory snapshots
- tcpdump, ngrep, and Wireshark for network analysis
- NetworkMiner, CapTipper, and Burp Suite for web traffic analysis
- wget and curl for retrieving remote web content
- oletools and libolecf for examining Microsoft Office documents
- Androwarn and Androguard for analyzing Android malware
In general, REMnux is used to:
- Examine the static properties of a suspicious file.
- Statically analyze malicious code.
- Dynamically reverse-engineer malicious code.
- Perform memory forensics of an infected system.
- Explore network interactions for behavioral analysis.
- Investigate system-level interactions of malware.
- Analyze malicious documents.
- Gather and analyze threat data.
Install & Configure REMnux on Azure
REMnux can be deployed in several ways: as a virtual appliance, as a container, or installed from scratch on an existing Ubuntu system. The from-scratch route is also how it is installed on a cloud VM in Azure or AWS.
To install REMnux on Azure, follow the REMnux guide’s instructions for installing from scratch and add the parameter the installer provides for cloud deployments.
Before installing REMnux on Azure, make sure that you’ve got the following requirements:
- Azure VM with Ubuntu Server 18.04 LTS
- Full administrative (sudo) access to the Ubuntu server
- An SSH key pair (can be generated during VM deployment)
Note: REMnux handles many analysis tasks with 2 vCPUs and 8 GB of RAM.
TIP: place REMnux in a dedicated spoke, not a production one, so that the malware you analyze stays isolated from production workloads.
Once you’ve got Ubuntu 18.04 LTS with admin access and you’re connected to the server, you can begin with the installation.
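The prerequisites above can be satisfied from the Azure CLI. The following script is an added example and not part of the original post: it creates the Ubuntu 18.04 LTS VM at the 2 vCPU / 8 GB size mentioned in the note, generates the SSH key during deployment, and opens port 22 only to an administrative source range. The resource group, region, VM and NSG names, admin username and the example admin CIDR are assumptions; the check that refuses a wide source range (anything broader than a /24, or 0.0.0.0/0 and "*") is the part worth keeping even if you rename everything else.

```shell
#!/bin/sh
# Added example (not from the original post): create the Ubuntu 18.04 LTS VM
# that the REMnux cloud install needs, with SSH reachable only from an admin
# network. Resource names, region and the admin CIDR are assumptions.
set -eu

RG=${RG:-remnux-lab-rg}              # resource group inside the dedicated spoke
LOCATION=${LOCATION:-westeurope}
VM=${VM:-remnux01}
NSG=${NSG:-${VM}-nsg}
ADMIN_USER=${ADMIN_USER:-remnux}
VM_SIZE=${VM_SIZE:-Standard_D2s_v3}  # 2 vCPU / 8 GB RAM, matching the note above
IMAGE=Canonical:UbuntuServer:18.04-LTS:latest

# Accept only a narrow IPv4 source range (/24 to /32) for the SSH allow rule,
# so a typo such as 0.0.0.0/0 or "*" never exposes port 22 to the Internet.
valid_admin_cidr() {
  cidr=$1
  case "$cidr" in */*) ;; *) return 1 ;; esac
  ip=${cidr%/*}
  prefix=${cidr#*/}
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge 24 ] && [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  [ "$ip" != 0.0.0.0 ]
}

deploy_remnux_vm() {
  admin_cidr=$1
  if ! valid_admin_cidr "$admin_cidr"; then
    echo "refusing to open SSH to '$admin_cidr'; pass a /24-/32 admin range" >&2
    return 1
  fi
  az group create --name "$RG" --location "$LOCATION" --output none
  # --nsg-rule NONE: no default "allow SSH from anywhere" rule is created.
  # --generate-ssh-keys creates ~/.ssh/id_rsa if absent (the SSH key prerequisite).
  az vm create --resource-group "$RG" --name "$VM" \
    --image "$IMAGE" --size "$VM_SIZE" \
    --admin-username "$ADMIN_USER" --generate-ssh-keys \
    --nsg "$NSG" --nsg-rule NONE --output none
  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name AllowSSHFromAdmin --priority 1000 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$admin_cidr" \
    --destination-port-ranges 22 --output none
  # Print the address to connect to: ssh ADMIN_USER@<ip>
  az vm show --show-details --resource-group "$RG" --name "$VM" \
    --query publicIps --output tsv
}

# Usage: sh deploy-remnux-vm.sh deploy 203.0.113.5/32
case "${1:-}" in
  deploy) deploy_remnux_vm "$2" ;;
esac
```

Nothing is deployed unless you pass `deploy` and a source range, so the file can be sourced to reuse `valid_admin_cidr` elsewhere. The NSG rule is the only inbound path; if you later move the VM behind a bastion host or a VPN in the spoke, delete the rule rather than widening it.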
Get the REMnux Installer
Download the REMnux installer from the REMnux website by running this command on your new Ubuntu system:
To verify the download, generate the hash of the file and compare it with the value published on the REMnux website:
Set up the REMnux installer by running these commands:
mv remnux-cli remnux
chmod +x remnux
sudo mv remnux /usr/local/bin
A minimal Ubuntu server image includes very few components. Install GnuPG so that the REMnux installer can validate the signatures of the REMnux configuration files it downloads during the installation process. To install GnuPG, run:
sudo apt install -y gnupg
Run the REMnux Installer
You’re now ready to install the REMnux distro.
The default installation disables the SSH daemon, which is acceptable on a local VM but not in a cloud environment (Azure or AWS), where SSH is your only way into the system. Use the cloud mode instead, which keeps the SSH daemon enabled:
sudo remnux install --mode=cloud
Because SSH stays exposed, remember to harden the system after the installation finishes (key-only authentication, no root login, and network rules that restrict port 22 to your admin range) to avoid unauthorized logins.
The installation will take about an hour, depending on your resources and internet connection.
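The installer set-up steps above, the hash check, and the post-install hardening reminder fit in one script. The following is an added example, not the REMnux project's own script: it refuses to run an installer whose hash does not match the value published on the REMnux website, performs the set-up and cloud-mode install commands from the page, and afterwards checks `sshd_config` for password and root logins. The download command and the published hash are not reproduced here; the script takes the already-downloaded file and the hash as arguments. The script name and the `/etc/ssh/sshd_config` default path are assumptions.

```shell
#!/bin/sh
# Added example (not the REMnux project's own script): wraps the installer
# set-up steps, verifies the installer's hash before running it, and checks
# the SSH daemon configuration afterwards. The download command and the
# published hash come from the REMnux website and are passed in as arguments.
set -eu

sha256_of() {
  # Hex SHA-256 of $1; GNU coreutils sha256sum, or shasum as a fallback.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

verify_sha256() {
  # $1 = file, $2 = expected hex digest (case-insensitive)
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  if [ "$actual" != "$expected" ]; then
    echo "hash mismatch for $1: expected $expected, got $actual" >&2
    return 1
  fi
}

install_remnux_cloud() {
  # $1 = downloaded remnux-cli, $2 = hash published for it on the REMnux site
  verify_sha256 "$1" "$2"
  mv "$1" remnux
  chmod +x remnux
  sudo mv remnux /usr/local/bin
  # GnuPG lets the installer validate the signatures of the config files it fetches
  sudo apt install -y gnupg
  # --mode=cloud keeps sshd enabled so the Azure VM remains reachable
  sudo remnux install --mode=cloud
}

# Last effective value of an sshd_config directive (lowercased, empty if unset).
# Commented-out defaults such as "#PasswordAuthentication yes" do not match,
# which is the point: an unset directive means sshd's own default (password
# logins allowed) is in force. Match blocks and Include files are not followed.
sshd_setting() {
  awk -v key="$2" 'tolower($1) == tolower(key) { v = tolower($2) } END { print v }' "$1"
}

# Hardening check: require key-only logins and no root login at all
# (stricter than Ubuntu's default "prohibit-password").
ssh_is_hardened() {
  cfg=${1:-/etc/ssh/sshd_config}
  [ "$(sshd_setting "$cfg" PasswordAuthentication)" = no ] || return 1
  [ "$(sshd_setting "$cfg" PermitRootLogin)" = no ]
}

# Usage: sh remnux-cloud-install.sh install ./remnux-cli <published-sha256>
#        sh remnux-cloud-install.sh check
case "${1:-}" in
  install) install_remnux_cloud "$2" "$3" ;;
  check)   ssh_is_hardened && echo "sshd: key-only, no root login" \
             || { echo "sshd still allows password or root logins" >&2; exit 1; } ;;
esac
```

Run `check` after the install and again after every upgrade, since tool updates can rewrite service configuration. If `check` fails, set `PasswordAuthentication no` and `PermitRootLogin no` in `sshd_config` and restart `sshd` from a session that is already authenticated with your key, so you cannot lock yourself out.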
Keep your REMnux system up to date by running the following command periodically as a regular, non-root user, so you benefit from the latest enhancements.
If the command reports “No upgrades available,” you can still refresh the tools you already have.
The following command makes sure that you are running the latest versions of the installed Debian packages and Python modules without adding any new tools to your system: