Setting Up Your Malware Analysis Environment

This configuration manual provides step-by-step instructions for setting up a Windows 10 virtual machine with FLARE-VM and a REMnux machine using Oracle VirtualBox. It covers downloading the necessary software, configuring an isolated network between the two machines, and preparing the environment for malware analysis. Additional notes on handling malware files and installation troubleshooting are also provided.

Uploaded by salahkhaled0202

Configuration Manual

Before getting into the installation and configuration manual you will need to download Oracle VirtualBox
on your Windows host from the following link:

https://www.virtualbox.org/

PART 1 – Windows Machine

1- Download the Windows 10 Enterprise evaluation ISO from the following link:


https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise

2- Create a new virtual machine in Oracle VirtualBox and install Windows 10 from the ISO

3- Install FLARE-VM on your Windows 10 machine from the following repo:

https://github.com/mandiant/flare-vm

To install FLARE-VM, follow these steps:

1- Run PowerShell as Administrator

2- Type the following commands (the installer script lives in the mandiant/flare-vm repository, formerly fireeye/flare-vm; the downloaded script has to be unblocked and run, not just saved):


• Set-ExecutionPolicy Unrestricted -Force
• wget https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1 -UseBasicParsing -OutFile C:\Users\yourname\Desktop\install.ps1
• Unblock-File C:\Users\yourname\Desktop\install.ps1
• cd C:\Users\yourname\Desktop; .\install.ps1

The installer expects Windows Defender (including Tamper Protection) and Windows Update to be turned off before it starts; keep them off afterwards, otherwise Defender will quarantine the samples and many of the analysis tools. The installation takes a long time to finish (2-4 hours) and the machine reboots a couple of times; once it ends, all the tools are in place

3- Download the malware samples from the following repo:

https://github.com/HuskyHacks/PMAT-labs

4- Take a snapshot of the current state of the machine and call it "Pre-Detonation state"; you will revert to it after every detonation so each sample starts from a clean machine

PART 2 – Remnux Machine

The second machine will be REMnux, a Linux machine that fakes the internet for the malware: INetSim on REMnux answers the sample's DNS, HTTP and other requests, so the sample behaves as if it were online while nothing actually leaves the lab.
To configure this machine along with the Windows machine do the following:
1- Download REMnux from the following link

https://docs.remnux.org/install-distro/get-virtual-appliance

(Make sure to choose the VirtualBox OVA)

2- Import the OVA into VirtualBox and run it

PART 3 – Network Configuration

1- From the Oracle VirtualBox main screen go to Tools > Network (the Host-only Network Manager) and create a new host-only interface
2- Configure the new interface (IPv4 address and mask of the lab subnet)

3- Then enable and configure the DHCP server on that interface

4- Now set the network adapter of both the Windows machine and the REMnux machine to "Host-only Adapter" and select the interface you created. Neither machine should keep a NAT or Bridged adapter: the only network the sample can see is this host-only one, with REMnux on the other end

5- In the Windows machine, go to the network adapter settings and change the DNS server to the IP address
of the REMnux machine, so that every name the sample looks up is answered by REMnux

6- Don't forget to install the VirtualBox Guest Additions in the Windows machine (just YouTube it); this is what lets you resize the screen. Leave shared folders, shared clipboard and drag-and-drop switched off, since they would give a running sample a path to the host
Back to the REMnux machine

Do the following on this machine (steps 1 to 4 install the Guest Additions on REMnux from the VirtualBox CD image, steps 5 to 9 set up INetSim):

1- sudo mkdir /media/cdrom


2- sudo mount /dev/cdrom /media/cdrom

If the mount fails because no disc is present, insert the image first from the VM window (Devices > Insert Guest Additions CD image...) and mount again

3- cd /media/cdrom

4- sudo -s
./autorun.sh

5- sudo nano /etc/inetsim/inetsim.conf


6- Now remove the hash in front of the "start_service dns" line so that the DNS service starts
7- Set service_bind_address to 0.0.0.0 (so INetSim binds to all interfaces; the default 127.0.0.1 is not reachable from the Windows machine)
8- Change dns_default_ip to the REMnux IP address (every name the sample resolves then points at REMnux, where INetSim answers HTTP, HTTPS, SMTP and the other services)
9- Run INetSim (sudo inetsim) and test it from the Windows machine: nslookup of any name should return the REMnux IP, and a browser request to any host should get INetSim's fake page
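Steps 6 to 8 as a script, added here as an example (not part of the original manual and not INetSim's own tooling): it applies the three edits to a copy of inetsim.conf with sed and checks that they took, so a typo in nano does not leave the DNS service off. It assumes the stock INetSim key names (start_service, service_bind_address, dns_default_ip) and uses 192.168.56.101 as a stand-in for the REMnux address (VirtualBox's default host-only range); the config excerpt it runs on is constructed, not the real file.

```shell
#!/usr/bin/env bash
# Added example, not from the original manual: apply steps 6-8 to inetsim.conf
# with sed and verify the result. Assumes the stock INetSim config keys.
set -eu

# Rewrite CONF in place: start the DNS service, listen on all interfaces and
# answer every DNS query with REMNUX_IP. Running it twice changes nothing.
configure_inetsim() {
    local conf="$1" remnux_ip="$2"
    # Step 6: uncomment "#start_service dns"; other start_service lines are untouched.
    sed -i -E 's/^#[[:space:]]*start_service[[:space:]]+dns[[:space:]]*$/start_service dns/' "$conf"
    # Step 7: the default 127.0.0.1 is unreachable from the Windows VM, so bind
    # to 0.0.0.0. Matches the commented template line or an already active one.
    sed -i -E 's/^#?service_bind_address[[:space:]]+[0-9.]+.*/service_bind_address 0.0.0.0/' "$conf"
    # Step 8: every name the sample looks up resolves to REMnux itself.
    sed -i -E "s/^#?dns_default_ip[[:space:]]+[0-9.]+.*/dns_default_ip ${remnux_ip}/" "$conf"
    # A key with no template line at all gets appended.
    grep -qE '^start_service[[:space:]]+dns[[:space:]]*$' "$conf" || echo 'start_service dns' >> "$conf"
    grep -qxF 'service_bind_address 0.0.0.0' "$conf" || echo 'service_bind_address 0.0.0.0' >> "$conf"
    grep -qxF "dns_default_ip ${remnux_ip}" "$conf" || echo "dns_default_ip ${remnux_ip}" >> "$conf"
}

# Return 0 only when all three settings are active and the bind line is unique.
verify_inetsim_conf() {
    local conf="$1" remnux_ip="$2"
    grep -qE '^start_service[[:space:]]+dns[[:space:]]*$' "$conf" &&
        grep -qxF 'service_bind_address 0.0.0.0' "$conf" &&
        grep -qxF "dns_default_ip ${remnux_ip}" "$conf" &&
        [ "$(grep -cE '^service_bind_address[[:space:]]' "$conf")" -eq 1 ]
}

# Constructed excerpt of a stock inetsim.conf (the real file is much longer),
# with the three keys still commented out as shipped.
write_sample_conf() {
    cat > "$1" <<'EOF'
start_service http
start_service https
#start_service dns
# service_bind_address
# Syntax: service_bind_address <IP address>
#service_bind_address   10.10.10.1
# dns_default_ip
# Syntax: dns_default_ip <IP address>
#dns_default_ip   10.10.10.1
EOF
}

main() {
    local conf remnux_ip
    if [ $# -eq 2 ]; then
        conf="$1"; remnux_ip="$2"                    # e.g. /etc/inetsim/inetsim.conf (needs sudo)
    else
        conf="$(mktemp)"; remnux_ip=192.168.56.101   # demo on a throwaway copy; IP is a stand-in
        write_sample_conf "$conf"
    fi
    configure_inetsim "$conf" "$remnux_ip"
    if verify_inetsim_conf "$conf" "$remnux_ip"; then
        echo "OK: $conf starts DNS, binds 0.0.0.0, answers with $remnux_ip"
    else
        echo "FAILED: $conf still not configured" >&2
        return 1
    fi
}
main "$@"
```

Run it with no arguments to see the demo on a temporary copy; on REMnux, `sudo bash inetsim-setup.sh /etc/inetsim/inetsim.conf <REMnux IP>` edits the real file (the script name is your choice). After `sudo inetsim` is up, `sudo ss -lnup | grep ':53 '` should show it listening on 0.0.0.0, and `nslookup anything.example` from the Windows machine should return the REMnux IP; if the lookup times out, the bind address is still 127.0.0.1 or the Windows DNS setting from step 5 was not applied.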

Some Extra Notes

1- Rename every malware sample you download so it cannot be launched by accident, for example from sample.exe to sample.exe.malz; only restore the real extension inside the VM when you are ready to detonate it
2- The password to every compressed folder is "infected"
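A way to make the first note routine, added as an example (not from the original manual or from the PMAT-labs repository): run on REMnux, or on any Linux box where samples are staged before they are moved into the Windows VM, it renames anything Windows would execute on a double-click to <name>.<ext>.malz, leaves files already carrying .malz alone, and writes a SHA-256 manifest so you can tell later exactly which file you detonated. The extension list, the MANIFEST.sha256 name and the extract_sample helper (which needs p7zip's 7z and the "infected" password from note 2) are this example's own choices; the files in the demo are harmless constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example, not from the original manual: defang staged samples by appending
# .malz, and record their SHA-256 hashes. Extension list and manifest name are
# this example's own choices.
set -eu

# Extensions Windows will execute or hand to a script host on a double-click.
DANGEROUS_EXTS='exe dll scr com pif bat cmd ps1 vbs vbe js jse wsf hta msi lnk jar docm xlsm'

# Return 0 if the file name's extension (case-insensitive) is in DANGEROUS_EXTS.
is_dangerous() {
    local name ext
    name="${1##*/}"
    ext="${name##*.}"
    [ "$ext" = "$name" ] && return 1        # no extension at all
    ext="$(printf '%s' "$ext" | tr 'A-Z' 'a-z')"
    case " $DANGEROUS_EXTS " in
        *" $ext "*) return 0 ;;
    esac
    return 1
}

# Unpack a lab archive with the password from note 2; needs p7zip's 7z.
extract_sample() {
    7z x "-pinfected" "-o$2" "$1" > /dev/null
}

# Rename every dangerous file under DIR to <file>.malz (files already ending in
# .malz are left alone), then write DIR/MANIFEST.sha256 over all files.
# Prints how many files were renamed.
defang_dir() {
    local dir="$1" renamed=0 list f
    list="$(mktemp)"
    # File names containing newlines are not handled; fine for a sample drop.
    find "$dir" -type f ! -name 'MANIFEST.sha256' > "$list"
    : > "$dir/MANIFEST.sha256"
    while IFS= read -r f; do
        case "$f" in
            *.malz) ;;                        # already defanged
            *) if is_dangerous "$f"; then
                   if [ -e "$f.malz" ]; then
                       echo "skip: $f.malz already exists" >&2
                   else
                       mv -- "$f" "$f.malz"
                       f="$f.malz"
                       renamed=$((renamed + 1))
                   fi
               fi ;;
        esac
        sha256sum -- "$f" >> "$dir/MANIFEST.sha256"
    done < "$list"
    rm -f -- "$list"
    echo "$renamed"
}

main() {
    local dir
    dir="$(mktemp -d)"
    # Constructed stand-ins: harmless text files whose names are the point.
    printf 'not a real sample\n' > "$dir/Malware.exe"
    printf 'echo hi\n'           > "$dir/dropper.PS1"
    printf 'already defanged\n'  > "$dir/old.dll.malz"
    printf 'analyst notes\n'     > "$dir/README.txt"
    echo "renamed $(defang_dir "$dir") file(s) in $dir"
    cat "$dir/MANIFEST.sha256"
}
main
```

Keep the manifest with your notes: when a sample is later renamed back to .exe inside the VM and detonated, the hash is what ties your findings to the exact file, not the name.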
