
I have thousands of Linux malware samples in ELF format, and I am thinking of using dynamic analysis (say, PIN) to obtain an execution trace of each malware sample.

However, I am afraid such activity would crash my computer. So I am asking: how do I dynamically analyze malware samples safely?

I know somehow I need to run it in a VM, but isn't it possible that the VM can be crashed as well? Should I reinstall the VM at that time? Basically, what's the best practice for doing so?

Thank you a lot.


2 Answers

5

Configure the VM with no access to the network and create a clean snapshot before executing the first malware. Once the execution is complete, revert the snapshot. Repeat that until you finish. (You probably want to automate it.)
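An added example, not part of SnakeByte's answer, showing one way to automate that loop from the host shell with VirtualBox. It assumes VirtualBox 6.x with the Guest Additions installed in a Linux guest, a guest account for the tracer, and the tracing tool already installed in the guest; the VM name `malware-lab`, snapshot name `clean`, guest credentials, tracer path and trace-tool path are placeholders to replace with your own. Every sample gets a fresh restore of the clean snapshot, all NICs are removed so the guest cannot reach the host or the Internet, and a guest that panics or hangs during a run simply fails that iteration and is reverted like any other.

```shell
#!/bin/sh
# Added example (not from the original answer): isolated, snapshot-reverted
# tracing of ELF samples driven from the host with VBoxManage.
# Assumptions: VirtualBox 6.x, Guest Additions in the guest, a guest user, and
# a PIN install plus a trace tool already present in the guest. All names and
# paths below are placeholders.
set -eu

VM="${VM:-malware-lab}"                        # placeholder VM name
SNAP="${SNAP:-clean}"                          # placeholder snapshot name
GUEST_USER="${GUEST_USER:-analyst}"            # placeholder guest account
GUEST_PASS="${GUEST_PASS:-changeme}"           # placeholder; prefer --passwordfile
TRACER="${TRACER:-/opt/pin/pin}"               # placeholder path to pin in the guest
TRACE_TOOL="${TRACE_TOOL:-/opt/pin/trace.so}"  # placeholder PIN tool in the guest
TIMEOUT_MS="${TIMEOUT_MS:-120000}"             # per-sample wall-clock limit

# One-time preparation: remove every NIC so the guest has no network path at
# all, then freeze the known-good state as the snapshot every run starts from.
prepare_vm() {
    VBoxManage modifyvm "$VM" --nic1 none --nic2 none --nic3 none --nic4 none
    VBoxManage snapshot "$VM" take "$SNAP" --description "clean baseline"
}

# Run a guestcontrol subcommand with the guest credentials prepended.
guest() {
    sub="$1"; shift
    VBoxManage guestcontrol "$VM" "$sub" --username "$GUEST_USER" --password "$GUEST_PASS" "$@"
}

# Guest Additions come up a few seconds after boot; poll before relying on them.
wait_for_guest() {
    tries=0
    until guest run --exe /bin/true -- true >/dev/null 2>&1; do
        tries=$((tries + 1))
        if [ "$tries" -ge 60 ]; then echo "guest did not come up" >&2; return 1; fi
        sleep 2
    done
}

# Trace one sample: revert to the clean snapshot, boot, copy the sample in,
# trace it under a time limit, pull the trace out, power off. Nothing the
# sample changed survives, because the next call restores the snapshot again.
trace_sample() {
    sample="$1"; outdir="$2"; name=$(basename "$sample")
    VBoxManage controlvm "$VM" poweroff >/dev/null 2>&1 || true  # a previous run may have died mid-way
    VBoxManage snapshot "$VM" restore "$SNAP" || return 1
    VBoxManage startvm "$VM" --type headless || return 1
    wait_for_guest || return 1
    guest copyto --target-directory /tmp "$sample" || return 1
    # A non-zero exit here covers the timeout firing, the sample crashing, or the
    # guest kernel going down; the run is still reverted afterwards either way.
    guest run --timeout "$TIMEOUT_MS" --exe "$TRACER" -- \
        pin -t "$TRACE_TOOL" -o "/tmp/$name.trace" -- "/tmp/$name" \
        || echo "$name: tracer exited non-zero (timeout, crash, or guest down)" >&2
    guest copyfrom --target-directory "$outdir" "/tmp/$name.trace" \
        || echo "$name: no trace retrieved" >&2
    VBoxManage controlvm "$VM" poweroff
}

# Trace every file in a directory, one isolated run per sample, and leave the
# lab VM on its clean snapshot when done.
analyze_dir() {
    indir="$1"; outdir="$2"; mkdir -p "$outdir"
    for f in "$indir"/*; do
        [ -f "$f" ] || continue
        trace_sample "$f" "$outdir" || echo "run failed for $f, continuing" >&2
    done
    VBoxManage controlvm "$VM" poweroff >/dev/null 2>&1 || true
    VBoxManage snapshot "$VM" restore "$SNAP"
}

# Usage: ./run_samples.sh --run <samples-dir> <traces-dir>   (after prepare_vm once)
if [ "${1:-}" = "--run" ]; then
    analyze_dir "$2" "$3"
fi
```

Run `prepare_vm` once on a freshly built guest, then point `analyze_dir` at the sample directory; because the script only ever talks to the hypervisor from the host side, a guest that crashes costs one iteration rather than a reinstall.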

3

It is very unlikely that the VM application can be crashed unless you are dealing with very sophisticated ELF malware targeting your VM version. The guest OS or the environment inside the VM can be crashed, though. In the event that it happens, you don't have to reinstall the VM. Just follow SnakeByte's instructions.
