Malware scanning and analysis distro REMnux has been updated to Version 6 with 19 new tools and updates to tools in earlier versions.
The brainchild of information security specialist Lenny Zeltser, REMnux Linux has been around for a while. The first version saw the light of day in 2010.
The upgrade also comes with changes to let the toolkit’s users easily apply future updates without requiring them to download the full REMnux environment from scratch.
Based on Ubuntu 14.04 64-bit, REMnux v6 features a suite of tools to scan and examine malicious software.
REMnux 6 includes tools to examine browser malware, investigate Linux malware and mobile malware, examine document files, file properties and contents, network protocol analysis and more.
REMnux 6 – New Tools
The following new tools have been added in With REMnux Linux 6.
* pedump, readpe.py: Statically examine properties of a Windows PE file
* virustotal-tools: Interact with the VirusTotal database from the command-line
* Nginx: Web server, which replaces Tiny HTTPD that was present on REMnux earlier
* VolDiff: Compare memory forensics images to spot changes using Volatility
* Rule Editor: Edit IOC Yara, Snort and OpenIOC rules, replacing its precursor Yara Editor
* Rekall: Memory forensics tool and framework
* m2elf: Create an ELF binary file out of shellcode
* Yara Rules: Signatures for spotting malicious characteristics in files
* OfficeDissector MASTIFF plugins: Examine Microsoft Office XML-based files using MASTIFF
* Docker: Run applications as isolated containers on the local host
* AndroGuard: Analyze suspicious Android applications
* vtTool: Determine the specimen’s malware family name by querying VirusTotal
* oletools, libolecf: Analyze Microsoft Office OLE2 files
* tcpflow: Examine network traffic and carve PCAP capture files
* passive.py: Perform passive DNS lookups using the pdns library
* CapTipper: Examine network traffic and carve PCAP capture files
* oledump: Examine suspicious Microsoft Office files
* CFR: Decompile suspicious Java class files
* update-remnux: Update the distro, upgrading its software and installing newly-added tools
Installing REMnux 6
Installing REMnux 6 is easy if you already have Oracle VirtualBox on your system.
Since I already had VirtualBox up and running, it took less than 10 minutes to download the REMnux 6 virtual appliance file and then import it into Virtualbox.
I opted for the default settings and had REMnux 6 running in no time.
If you have an issue with the window/screen size, install the VirtualBox Guest Additions software.
Getting Guest Additions to work with a new virtual machine can often be a tricky affair, so do not get frustrated and give up. If you want to link VBoxGuestAdditions.iso to a new virtual machine, first make sure the VM is closed.
With its rich suite of malware analysis and scanning tools, doubtless REMnux 6 will soon be part of every security analyst’s arsenal.