My goal is to find malware that performs network activities and capture the traffic with Wireshark. I have a Windows 10 laptop host machine and VirtualBox, which has a virtual Windows 10 machine.

I am scared about the safety of my host machine. How can I be safe for this type of analysis, which needs an internet connection? (Without internet, static analysis was easy: choose host-only adapter, take snapshots and do analysis.) Should I choose "NAT Network" or "NAT", or should I configure something else?

  • One problem at a time please. – schroeder Dec 26 '21 at 16:01
  • Is there a reason why you want a plain VM with an OS and not a malware analysis sandbox designed for this type of research? Cuckoo is the gold standard. There are others. – schroeder Dec 26 '21 at 16:02
  • As for samples, there are massive repos out there. Look through GitHub. – schroeder Dec 26 '21 at 16:04
  • Hello. I need a plain virtual machine with an OS for this task. I have thought about sandbox options, but they are not good for me. I have found some malware on GitHub, but now I am not sure, as I mentioned, about isolation. What can I do please? – ArcherPacman Dec 26 '21 at 16:23
  • @ArcherPacman Why not? You have a tried-and-true method, and you say "it's not good for me", without explaining why. –  Dec 26 '21 at 16:37
  • Sorry, I did not get your point. Is there a way to isolate a malware analysis VM with Windows from the host network or not? (VirtualBox) A solution with a sandbox is not accepted. – ArcherPacman Dec 26 '21 at 16:53
  • Our question is why it is not accepted. A sandbox will do all you say you want. And the 2 questions that we linked at the top provide many options for you if you want a pure VM. – schroeder Dec 26 '21 at 18:11
  • I do not prefer a sandbox because of the requirements of my project; I need to work with a pure VM. Thank you, I checked the links but it is not clear enough for me. The malware will communicate with the internet and I will record it with Wireshark. In this case, which adapter should I choose? "NAT" - "NAT Network" - ? I understood that the machine should be realistic, because some malware can understand if it is in a VM. – ArcherPacman Jan 05 '22 at 19:09
  • https://security.stackexchange.com/questions/171649/is-a-vm-safe-to-run-a-simple-virus-on?noredirect=1&lq=1 this is a good one, ok – ArcherPacman Jan 05 '22 at 20:10

0 Answers