1

I'm learning malware analysis. I'm looking for malware samples that terminate themselves when they recognize they are working on a VM or sandbox.

Thanks.

Eran Atias
  • This relates to http://reverseengineering.stackexchange.com/questions/206/where-can-i-as-an-individual-get-malware-samples-to-analyze – NirIzr Sep 19 '16 at 22:36
  • I propose having a look at early cerber samples (9e82344a0a854411fd095f070b0782e8), they feature a debug mode, few obfuscation tricks and the whole range of basic anti-vm-techniques (have a look at 0x401307) – Nordwald Sep 20 '16 at 05:02
  • @Nordwald Do you know where I can download these samples of cerber? (I have tried searching with the given hash but cannot find any) – Ta Thanh Dinh May 04 '17 at 07:55
  • @TaThanhDinh This is only the hash of a sample I analyzed personally, but any of the early samples should suffice as an example. Sadly, apart from commercial solutions like VirusTotal, malware repositories are awfully badly maintained. You may try malpedia or openMalware for example – Nordwald May 04 '17 at 12:04

2 Answers

6

For learning purposes, I would recommend the following GitHub projects to start with:

Paranoid Fish by a0rtega

https://github.com/a0rtega/pafish

Al-Khaser v0.60 by Noteworthy

https://github.com/LordNoteworthy/al-khaser

or

Collection by AlicanAkyol

https://github.com/AlicanAkyol/sems

Grab one you like, compile and analyze.

In case you are looking for in-the-wild samples, you should look at the Andromeda\Gamarue bot. It has plenty of anti tricks, including anti-VM, anti-sandbox, anti-research, etc.

Denis Laskov
1

https://github.com/a0rtega/pafish is old, but it is a good tool. https://github.com/AlicanAkyol/sems is current. You can use it.

alican akyol
  • Answers that are merely links are not encouraged, may I interest you in writing at least a couple of sentences about the tools? – NirIzr May 04 '17 at 07:18
  • I used the tools for malware analysis. And these tools have given successful results. But I like sems more than pafish. – alican akyol May 04 '17 at 20:20