I had some free time recently and decided to make use of one old desktop computer that was lying around. With a fairly strong hardware configuration, it was an ideal target for my home malware sandbox environment that I long wanted, but never had the chance to set up. If you want to analyze malware, a sandbox for dynamic analysis is always useful. It allows you to focus on relevant parts of the behavior so you don’t waste time while debugging. Luckily, there are plenty of online sandboxes nowadays that one can use for free, but having your own can be of advantage sometimes. In this post, I will go through the process of setting up Cuckoo Sandbox running in Proxmox Virtual Environment, all on the same machine, running in your own network.
Last week I was browsing Twitter when I found a tweet from Jaromir Horejsi about a spam mail with a Locky downloader that was personalized with his surname. It was the same day that I received a spam mail too, also with my surname in it. I’m always happy when this happens, as it gives me an opportunity to go down the rabbit hole and check what’s hidden in there.
I received a nice spam mail today. Normally the anti-spam plugin on the mail server does a really nice job of filtering these out, but this one got through. As I had some spare time, I decided to check what was going on. A first look at the mail revealed that it is a malicious downloader. Naturally, I was curious about the payload, so I decided to investigate further.