Capturing and analyzing Malware
From CSRRT-LU
| Table of contents |
Malware Real Time Console (http://nepenthes.csrrt.org:10080/nepenthes)
Malwarepaper
TFE uni.lu - Automated malware analysis
Malware behavior
TFE - documents
- Final Report Release 1.0 (http://www.csrrt.org/wiki/images/5/59/Mre.pdf)
- TFE Presentation Release 1.0 (http://www.csrrt.org/wiki/images/6/60/Mre_pres_20060719.pdf)
Automated aNalysis and Network emulation ANNE
Is a framework to analyse unknown binaries in an automated way. More information can be found at Malware/Anne_-_release_0.1
It is composed of
- backend xmlserver
- a daemon that process the jobs
- UML (user mode linux) Malware/UML Howto for ANNE
- a web interface frontend
- simulation scripts that run inside your UML
Download
- anne-backend_0.2.0 (http://www.csrrt.org/wiki/images/2/2f/Anne-backend_0.2.0.tar.bz2) (md5sum: 0754432c59e49b47a933a8db011d0377)
- anneweb_0.1.0 (http://www.csrrt.org/wiki/images/9/96/Anneweb_0.1.0.tar.bz2) (md5sum: e3830d2166b63f814bedb6eaf8675372)
- simulation scripts 0.1.0 (http://www.csrrt.org/wiki/images/1/11/Wein_0.1.0.tar.bz2) (md5sum: 548d21473733c605d226b3137d293399)
Installation
After having downloaded the software extract the tar balls and start the installer script. (install.sh) More information can be found at Malware/Installing - ANNE
Running ANNE
server / daemon
- go to anne server / daemon root directory
- start ./startAnne.sh
- start ./startAnneProc.sh
web interface
- start your internet browser (mozilla)
- enter the URL that correspond to the anneweb root directory. Default http://localhost/anneweb.
Suport
ANNE is an opensource project GPL (GNU Public License). In case there are some problems or wishes, please contact the author Gerard Wagener haegardev { ATA } gmail.com via email. Do not forget to replace { ATA } with the character @. Support will be available from 01/09 on. Before contacting the author please read the section Malware / ANNE -FAQ
