
I am starting off with malware reversing/analysis for the first time. I have been going through many resources on the internet. Some of them are pretty awesome and helpful, like SANS resources, the Limon blog, security trainings, Reddit posts and many more. I am still in the process of setting up the environment required for getting started with my tryst with malware analysis (something that I have always been fascinated by).

However, there is one fundamental thing I am trying to understand. Please help me with the same:

The malware sample that I have is one that I collected from a live production environment (a Linux machine) that was compromised. Now I would like to first understand whether this malware was aimed at infecting Linux or Windows machines? In other words, is it a Linux or a Windows malware?

So right now I have started with the setup of the analysis environment as per the instructions here (Limon). I started with this because the malware was collected from a Linux box, so I am guessing it to be Linux malware. Am I right in my thought process here? If not, what should be the right approach?

1 Answer

Your thought is good, if you want to run automated analysis. Make sure you have set everything up according to the instructions provided. Since you want to start looking into malware analysis, set up two virtual boxes, one running Linux and one running Windows, so you can use Limon to analyze both Linux and Windows malware. Apart from the working environment, make sure you read some stuff about malware (Malware Analyst's Cookbook or something similar) and develop some reverse engineering skills. Both the understanding of them and their "hardcore" analysis will come in pretty handy if you consider taking it to the next level. Start by disassembling some simple programs (hello world), learn some tools like OllyDbg, IDA Pro (if you find a license), radare2 and step up to manual unpacking and real malware. Automated tools usually do the job, but being able to question their results and find more... Man that's priceless ;)
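The question above asks how to tell whether a collected sample is Linux or Windows malware. Where a file was found is a weak signal (a Windows PE can sit on a compromised Linux host, for instance staged for later use); the file's own format header is the reliable one. The following is an added example, not code from the question, the answer or the Limon project: it classifies a file by its magic bytes (ELF, PE, Mach-O, script shebang) and reports architecture and type where the header carries it. The sample headers at the bottom are constructed byte strings, not real malware, and anything the parser cannot read cleanly is reported as unknown rather than guessed.

```python
import struct

# Machine identifiers from the ELF and PE specifications (subset).
ELF_MACHINES = {0x03: "x86", 0x3E: "x86-64", 0x28: "ARM", 0xB7: "AArch64", 0x08: "MIPS"}
ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object / PIE", 4: "core dump"}
PE_MACHINES = {0x14C: "x86", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
MACHO_MAGICS = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe")


def identify(data: bytes) -> dict:
    """Classify a file by its leading bytes. Returns a dict with at least 'format' and 'platform'."""
    # ELF: 0x7f 'E' 'L' 'F', then EI_CLASS (1=32-bit, 2=64-bit) and EI_DATA (1=LE, 2=BE);
    # e_type and e_machine are two 16-bit fields at offset 16.
    if data[:4] == b"\x7fELF":
        if len(data) < 20:
            return {"format": "ELF", "platform": "Linux/Unix", "note": "truncated header"}
        bits = {1: 32, 2: 64}.get(data[4], "unknown")
        endian = "<" if data[5] == 1 else ">"
        e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
        return {"format": "ELF", "platform": "Linux/Unix", "bits": bits,
                "arch": ELF_MACHINES.get(e_machine, hex(e_machine)),
                "type": ELF_TYPES.get(e_type, hex(e_type))}

    # PE: 'MZ' DOS header, e_lfanew at 0x3C points at 'PE\0\0' followed by the COFF header.
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            # Bounds check before trusting an offset that comes from the file itself.
            if e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                machine, _nsec, _ts, _sym, _nsym, _opt, chars = struct.unpack_from(
                    "<HHIIIHH", data, e_lfanew + 4)
                return {"format": "PE", "platform": "Windows",
                        "arch": PE_MACHINES.get(machine, hex(machine)),
                        "type": "DLL" if chars & 0x2000 else "EXE"}
        return {"format": "MZ", "platform": "DOS/Windows (no valid PE header found)"}

    if data[:4] in MACHO_MAGICS:
        return {"format": "Mach-O", "platform": "macOS"}

    # Interpreted script: the shebang line names the interpreter, which decides the platform.
    if data[:2] == b"#!":
        interp = data.split(b"\n", 1)[0][2:].decode("ascii", "replace").strip()
        return {"format": "script", "platform": "interpreter: " + interp}

    return {"format": "unknown", "platform": "unknown"}


def identify_file(path: str) -> dict:
    """Read only the header region; the whole sample never needs to be loaded for this check."""
    with open(path, "rb") as fh:
        return identify(fh.read(4096))


# Constructed sample inputs (synthetic headers, not real malware) used to exercise identify().
ELF_SAMPLE = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # 64-bit, little-endian
              + struct.pack("<HH", 2, 0x3E) + b"\x00" * 40)       # ET_EXEC, x86-64

_dos = bytearray(0x40)
_dos[0:2] = b"MZ"
_dos[0x3C:0x40] = struct.pack("<I", 0x40)                         # e_lfanew -> 0x40
PE_SAMPLE = bytes(_dos) + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 240, 0x22)

SCRIPT_SAMPLE = b"#!/bin/sh\necho constructed\n"

if __name__ == "__main__":
    for name, blob in (("elf", ELF_SAMPLE), ("pe", PE_SAMPLE), ("script", SCRIPT_SAMPLE)):
        print(name, identify(blob))
```

Run it against the real sample with `identify_file("/path/to/sample")`. A result of "ELF" means the sample was built for Linux or another Unix and belongs in the Linux sandbox; "PE" means a Windows target and belongs in the Windows VM the answer recommends. Note that packers and droppers keep the outer container format, so the header tells you which sandbox to start in, not what the payload inside eventually does.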
