A few days ago a new version of the Linux distribution REMnux, 7.0, was released, five years after the previous release.
The distribution is designed for studying and reverse engineering the code of malicious programs. For analysis, REMnux provides an isolated lab environment in which the network services a sample tries to contact can be emulated, so that the malware's behavior can be observed under conditions close to a real infection without letting it reach the Internet.
Another area of application for REMnux is studying malicious JavaScript injected into websites.
About REMnux
The distribution is based on Ubuntu 18.04 and uses the LXDE desktop environment. It includes a fairly comprehensive selection of tools for analyzing malware, utilities for reverse engineering code, programs for examining malicious PDF and Office documents, and tools for monitoring system activity.
Among the tools included in the distribution are the following:
Website analysis
This section includes the following tools: Thug, mitmproxy, Network Miner Free Edition, curl, Wget, Burp Proxy Free Edition, Automater, pdnstool, Tor, tcpextract, tcpflow, passive.py, CapTipper, yaraPcap.py.
Flash movie analysis
This section includes the following tools: xxxswf, SWF Tools, RABCDAsm, extract_swf, Flare.
Java analysis
This section includes the following tools: Java Cache IDX Parser, JD-GUI Java Decompiler, JAD Java Decompiler, Javassist, CFR.
JavaScript analysis
This section includes the following tools: Rhino Debugger, ExtractScripts, SpiderMonkey, V8, JS Beautifier.
PDF analysis
This section includes the following tools: AnalyzePDF, Pdfobjflow, pdfid, pdf-parser, peepdf, Origami, PDF X-RAY Lite, PDFtk, swf_mastah, qpdf, pdfresurrect.
Microsoft Office document analysis
officeparser, pyOLEScanner.py, oletools, libolecf, oledump, emldump, MSGConvert, base64dump.py, unicode.
Shellcode analysis
sctest, unicode2hex-escaped, unicode2raw, dism-this, shellcode2exe.
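Tools such as unicode2raw and unicode2hex-escaped convert shellcode that was embedded in a web page as JavaScript `%uXXXX` escapes back into raw bytes. The point worth seeing is byte order: each `%uXXXX` is a 16-bit UTF-16 code unit that lands in memory little-endian, so `%uc033` is the instruction bytes `33 c0` (`xor eax, eax`), not `c0 33`. The following is an added example written for this page; it is not REMnux code nor code from those tools. The escaped sample string is constructed here for illustration.

```python
"""Decode JavaScript %uXXXX / %XX escaped shellcode into raw bytes.

Added example for this article; not code from REMnux or from
unicode2raw/unicode2hex-escaped. Sample input is constructed.
"""
import re

# One token per escape: %uXXXX (16-bit code unit) or %XX (single byte).
_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def unicode_escaped_to_raw(text: str) -> bytes:
    """Return the raw bytes a JavaScript unescape() of `text` would produce.

    %uXXXX contributes two bytes in little-endian order (low byte first),
    %XX contributes one byte. Any other character is rejected, because
    stray characters usually mean the extraction grabbed too much.
    """
    out = bytearray()
    pos = 0
    for m in _ESCAPE.finditer(text):
        if m.start() != pos:
            raise ValueError(f"unexpected data at offset {pos}: {text[pos:m.start()]!r}")
        if m.group(1) is not None:
            unit = int(m.group(1), 16)
            out.append(unit & 0xFF)          # low byte is stored first
            out.append((unit >> 8) & 0xFF)   # then the high byte
        else:
            out.append(int(m.group(2), 16))
        pos = m.end()
    if pos != len(text):
        raise ValueError(f"unexpected data at offset {pos}: {text[pos:]!r}")
    return bytes(out)


def to_hex_escaped(raw: bytes) -> str:
    """Render raw bytes as \\xNN escapes, the form most C/Python harnesses accept."""
    return "".join(f"\\x{b:02x}" for b in raw)


# Constructed sample: four NOPs, xor eax,eax (33 c0), push eax twice (50 50).
SAMPLE_ESCAPED = "%u9090%u9090%uc033%u5050"

if __name__ == "__main__":
    raw = unicode_escaped_to_raw(SAMPLE_ESCAPED)
    print(raw.hex(" "))
    print(to_hex_escaped(raw))
```

The decoded bytes can then be handed to an emulator such as sctest or wrapped with shellcode2exe; the `%XX` branch matters because `unescape()` payloads in the wild commonly mix both escape forms.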
Obfuscated code
unXOR, XORStrings, ex_pe_xor, XORSearch, brxor.py, xortool, NoMoreXOR, XORBruteForcer, Babbler, FLOSS.
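What the XOR tools above have in common is known-plaintext search: malware frequently hides an embedded executable or configuration under a short repeating XOR key, and a string that must be present in the plaintext (the PE DOS stub text "This program cannot be run in DOS mode" is the classic choice) lets the key be recovered rather than guessed. The following is an added example for this article, not code from REMnux or from XORSearch, xortool or XORBruteForcer; the "file" it operates on and the keys are constructed inline.

```python
"""XOR key recovery by known-plaintext search.

Added example for this article; not REMnux code. The sample data is a
constructed PE-like blob obfuscated with constructed keys.
"""
from typing import List, Optional, Tuple

# Text present in the DOS stub of virtually every PE file.
MARKER = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: bytes, start: int = 0) -> bytes:
    """XOR data with a repeating key; `start` is the absolute offset of data[0],
    so a slice of a file can be decoded with the key phase kept correct."""
    klen = len(key)
    return bytes(b ^ key[(start + i) % klen] for i, b in enumerate(data))


def brute_force_single_byte(data: bytes, marker: bytes = MARKER) -> List[Tuple[int, int]]:
    """Try every single-byte key; return (key, offset) pairs where marker appears.
    Key 0x00 is skipped: it would only report that the data is not obfuscated."""
    hits = []
    for key in range(1, 256):
        off = xor_bytes(data, bytes([key])).find(marker)
        if off != -1:
            hits.append((key, off))
    return hits


def derive_key(data: bytes, marker: bytes, offset: int, key_len: int) -> bytes:
    """Known-plaintext attack: if marker sits at data[offset], then
    key[(offset + i) % key_len] == data[offset + i] ^ marker[i]."""
    key = bytearray(key_len)
    for i in range(key_len):
        key[(offset + i) % key_len] = data[offset + i] ^ marker[i]
    return bytes(key)


def find_repeating_key(data: bytes, marker: bytes = MARKER,
                       max_key_len: int = 8) -> Optional[Tuple[bytes, int]]:
    """Search every offset and key length up to max_key_len for a repeating
    key under which marker decodes. Returns (key, offset) for the shortest
    key that works, or None. Requires max_key_len < len(marker) so the part
    of the marker beyond the first key_len bytes acts as a verification."""
    if max_key_len >= len(marker):
        raise ValueError("marker must be longer than the longest key tried")
    for key_len in range(1, max_key_len + 1):
        for offset in range(len(data) - len(marker) + 1):
            key = derive_key(data, marker, offset, key_len)
            if key == bytes(key_len):
                continue  # all-zero key: data is plain here, not obfuscated
            window = data[offset:offset + len(marker)]
            if xor_bytes(window, key, start=offset) == marker:
                return key, offset
    return None


def _build_sample() -> bytes:
    """Constructed stand-in for a PE file: MZ magic, padding, DOS stub text,
    PE signature and some filler. The marker starts at offset 64."""
    return (b"MZ" + b"\x90" * 62 + MARKER + b".\r\r\n$\x00\x00\x00"
            + b"PE\x00\x00" + bytes(range(64)))


PLAIN = _build_sample()
SAMPLE_SINGLE = xor_bytes(PLAIN, b"\x5a")               # constructed 1-byte key
SAMPLE_MULTI = xor_bytes(PLAIN, b"\xde\xad\xbe\xef")    # constructed 4-byte key

if __name__ == "__main__":
    print("single-byte hits:", [(hex(k), o) for k, o in brute_force_single_byte(SAMPLE_SINGLE)])
    print("repeating key:", find_repeating_key(SAMPLE_MULTI))
```

The shortest-key-first order matters: an 8-byte key that is really a 4-byte key repeated twice would also verify, so stopping at the first hit returns the minimal key. Against real samples, pick a marker that the hidden payload must contain (the DOS stub for embedded PEs, a known protocol string for configuration blobs), and expect false positives only when the marker is very short.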
String data extraction
strdeobj, pestr, strings.
File recovery
Foremost, Scalpel, bulk_extractor, Hachoir.
Network activity monitoring
Wireshark, ngrep, TCPDump, tcpick.
Memory dump analysis
Volatility Framework, findaes, AESKeyFinder, RSAKeyFinder, VolDiff, Rekall, linux_mem_diff_tool.
PE executable analysis
UPX, Bytehist, Density Scout, PackerID, objdump, Udis86, Vivisect, Signsrch, Pescanner, ExeScan, pev, Peframe, pedump, Bokken, RATDecoders, Py, readpe.py, PyInstaller Extractor, DC3-MWCP.
Network Services
FakeDNS, Nginx, fakeMail, Honeyd, INetSim, Inspire IRCd, OpenSSH, accept-all-ips.
Network utilities
prettyping.sh, set-static-ip, renew-dhcp, Netcat, EPIC IRC Client, stunnel, Just-Metadata.
Other tools included:
- Working with a collection of malware samples: Maltrieve, Ragpicker, Viper, MASTIFF, Density Scout.
- Signature definition: YaraGenerator, IOCextractor, Autorule, Rule Editor, ioc-parser.
- Scanning: Yara, ClamAV, TrID, ExifTool, virustotal-submit, Disitool.
- Working with hashes: nsrllookup, Automater, Hash Identifier, totalhash, ssdeep, virustotal-search, VirusTotalApi.
- Linux Malware Analysis: Sysdig and Unhide.
- Disassemblers: Vivisect, Udis86, objdump.
- System and library call tracing: strace and ltrace.
- Binary investigation: Radare 2, Pyew, Bokken, m2elf, ELF Parser.
- Working with text data: SciTE, Geany and Vim.
- Working with images: feh and ImageMagick.
- Working with binary files: wxHexEditor and VBinDiff.
- Malware analysis for mobile devices: Androwarn and AndroGuard.
What's new in REMnux 7.0?
Among the main changes in this version is the move to Ubuntu 18.04 LTS; the distribution was rebuilt from the ground up for this release rather than simply having its base upgraded.
In addition, all included tools have been updated and the tool set has been significantly expanded (the size of the virtual machine image has doubled).
The REMnux documentation has also been updated to give users a more extensive, categorized list of the available tools, along with details about each tool's authors, license and home page.
Download
Those interested in trying the distribution can obtain the system image from its official website.