Situation: Thinking of making a malware detonator using an ARM single board computer, which has a file scanner in it.
Problem: I am scanning computers (x86 and/or amd64), therefore malware will be written for those specific architectures. Trying to observe malware activity using an ARM architecture is essentially watching paint dry.
Question: Is there a way I can simulate an x86/amd64 environment on ARM?
Additional information: I looked at QEMU VMs as a method to do so, but I am open to containers that are able to simulate such conditions if possible.
What is a malware detonator supposed to be? How is this system supposed to work? – Seth – 2017-07-04T07:08:46.533
When malware is found, it copies over (a bit counterintuitive), and monitors the malware behaviour and logs it. – Timothy Wong – 2017-07-04T07:12:58.693
So... analyser, maybe honeypot. "detonator" is not standard terminology, to the best of my knowledge. – Bob – 2017-07-04T07:28:36.920
Oh. So would a honeypot be able to simulate an x86/x64 platform? – Timothy Wong – 2017-07-04T07:34:38.087
@TimothyWong For that particular bit, you're looking for emulation (which, as you've noticed, qemu can do). But software emulation, especially of different instruction sets, tends to be incredibly slow. The Snapdragon 835 includes some hardware-assisted virt, but even that is probably rather slow. You're better off using a proper x86 chip - there are some fairly slim ones available, e.g. Intel NUCs. – Bob – 2017-07-04T16:37:53.433
@Bob I see where you're coming from. However my hardware can only consist of the ARM SBC. But I will look further into QEMU, and maybe do some research on honeypots. – Timothy Wong – 2017-07-07T06:44:42.767
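The emulation route discussed in the comments above, as an added example that is not part of the original thread: a shell function that assembles a `qemu-system-x86_64` command line for an x86-64 analysis guest, selecting software translation (TCG) on an ARM host, where KVM cannot accelerate a guest of a different instruction set. The image name, memory size and CPU count are assumed placeholder values.

```shell
#!/bin/sh
# Added example: build (not run) a QEMU command line for an x86-64 guest.
# The image path, -m and -smp values are placeholder assumptions.

# build_qemu_cmd HOST_ARCH IMAGE [KVM_AVAILABLE]
# Prints the qemu-system-x86_64 command suited to the given host architecture.
build_qemu_cmd() {
    host_arch=$1
    image=$2
    kvm=${3:-no}

    case "$host_arch" in
        x86_64|amd64)
            # Host and guest share an instruction set, so KVM can be used
            # when /dev/kvm is available; otherwise fall back to TCG.
            if [ "$kvm" = yes ]; then accel=kvm; else accel=tcg; fi
            ;;
        aarch64|arm64|armv7l)
            # Different instruction set: KVM on the ARM host is irrelevant,
            # every guest instruction is translated in software by TCG.
            accel=tcg
            ;;
        *)
            echo "unsupported host architecture: $host_arch" >&2
            return 1
            ;;
    esac

    # -snapshot : guest disk writes are discarded on exit, the base image
    #             stays clean between samples
    # -nic none : the guest gets no network device
    printf '%s' "qemu-system-x86_64 -accel $accel -cpu qemu64 -m 1024 -smp 2 -drive file=$image,format=qcow2 -snapshot -nic none"
}

# Show the command that applies to the machine this script runs on.
if [ -e /dev/kvm ]; then have_kvm=yes; else have_kvm=no; fi
build_qemu_cmd "$(uname -m)" "guest.qcow2" "$have_kvm" || true
echo
```

On an ARM single board computer the result always uses `-accel tcg`, which is the slow path Bob describes.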