We will start with VirusTotal and then move on to Cuckoo with a Windows virtual machine in an isolated network. Another important aspect of malware analysis is the ability to collaborate and share threat information using the Malware Information Sharing Platform (MISP). We also set up Viper (a binary management and analysis framework) to perform the analysis.
One of the initial phases of malware analysis is identification and classification. The most popular source for this is VirusTotal, which scans malware samples, domain information, and so on, and returns the results. It has a very rich API, and many people have written custom apps that use it, with an API key, to run automated scans and identify the malware type. The following example sets up the VirusTotal tool on the system, scans the malware samples against the VirusTotal API, and identifies whether...