Malware: Basic Handling & Safety

2022, Aug 15

Hi, hackers! In this post, I’ll be going over some best practices you should use when handling malware. Malware has always been an interest of mine, and I’ve started studying it recently! Keep reading to learn about safe malware handling :)

Summary

Analyzing malware is an excellent way to learn how threat actors (TAs) target systems, gain an understanding of reverse engineering, and contribute to cybersecurity research. However, it requires particular care to make sure you don’t accidentally infect your host or others. Follow the guidelines in this post to keep yourself safe!

Disclaimer: Malware handling should never be taken lightly. Only deploy malware if you are 100% sure it won’t infect unintended hosts. Work methodically and triple-check your setup before detonating malware.

Malware Handling Best Practices

  1. Change file extensions to prevent accidental execution
    • Example: malware.exe -> malware.exe.reallybadstuff
  2. Place the malware in a password protected ZIP file, and transfer it on a clean USB
    • Most researchers use the password “infected.” However, many antivirus solutions are aware of this password. I recommend using a more specific password.
  3. Perform your analysis on a virtual machine
  4. Take a snapshot of your virtual machine before detonating the malware
  5. Disable the virtual network interface on your virtual machine before detonating your sample
  6. Grab the malware’s hash. Look it up. Learn as much as you can before analyzing it.
  7. Proceed methodically and enjoy your time analyzing malware :)
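A small quarantine helper for steps 1 and 6, plus the integrity re-check you want after the USB transfer in step 2, added here as an example and not code from the original post. It assumes Python 3 with only the standard library; the password-protected archive itself is left to your ZIP tool, and the hash lookup to whichever intel source you use.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path

QUARANTINE_SUFFIX = ".reallybadstuff"  # marker extension from step 1


def hash_file(path):
    """SHA-256, SHA-1 and MD5 of a file, read in 1 MiB chunks for large samples."""
    digests = {"sha256": hashlib.sha256(), "sha1": hashlib.sha1(), "md5": hashlib.md5()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def quarantine(sample):
    """Rename with QUARANTINE_SUFFIX, drop execute bits, record hashes (step 6)."""
    sample = Path(sample)
    if sample.suffix == QUARANTINE_SUFFIX:
        raise ValueError(f"{sample} is already quarantined")
    hashes = hash_file(sample)
    target = sample.with_name(sample.name + QUARANTINE_SUFFIX)
    sample.rename(target)
    # No execute permission for anyone: `./name` or a double-click cannot run it.
    target.chmod(target.stat().st_mode & ~(stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    manifest = {"original_name": sample.name, **hashes}  # sits beside the sample
    target.with_name(target.name + ".json").write_text(json.dumps(manifest, indent=2))
    return target


def verify(quarantined):
    """Recompute hashes (e.g. after the USB transfer) and compare with the manifest."""
    quarantined = Path(quarantined)
    manifest = json.loads(quarantined.with_name(quarantined.name + ".json").read_text())
    return all(manifest[k] == v for k, v in hash_file(quarantined).items())


def demo():
    """Exercise the helpers on a constructed, harmless stand-in file, not a real sample."""
    fake = Path(tempfile.mkdtemp()) / "sample.exe"
    fake.write_bytes(b"MZ constructed stand-in bytes, not malware")
    fake.chmod(0o755)  # start out executable, as a downloaded binary might
    q = quarantine(fake)
    return {"renamed": q.name, "original_gone": not fake.exists(),
            "executable": bool(q.stat().st_mode & 0o111), "intact": verify(q)}
```

Run `quarantine()` on each sample before it leaves the download directory, and `verify()` on the analysis VM before touching the file so you know it is the same bytes you hashed and looked up.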

Analyzing malware can be an enlightening process if you take the proper steps to be safe. Always remember to handle malware with care before, during, and after analysis.

Happy hacking :)