
theZoo repository for reverse engineering and exploit development!

Looking for a place to download raw malware for analysis and even exploit development? After using several repositories, downloading and analysing samples one at a time, I have finally found that theZoo is a regularly updated repository with everything you need. Below I will walk you through downloading the repository and some basic use cases.

First, a shout out to DAS MALWERK and crackmes for your efforts in helping so many engineers learn!

theZoo:

First, a warning! Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing!

I prefer to run all my analysis on my Cuckoo workstation, so that should I let one of these things run wild in a VM, I can easily recover.

Getting Started

Clone the repository with git clone https://www.github.com/ytisf/theZoo. Go to the directory and run pip install --user -r requirements.txt. This should install all the latest requirements needed.

1) git clone https://www.github.com/ytisf/theZoo
2) cd theZoo
3) pip install --user -r requirements.txt

Know the structure

/conf - The conf folder holds files relevant to a particular run of the program that are not part of the application itself. You can find the EULA file in conf, among others.

/imports - Contains .py import files used by the rest of the application

/malwares/Binaries - The actual malware samples - be careful! These are very much live.

/malware/Source - Malware source code.

Malware under the folder Original is supposed to be (NO PROMISES!) the original source of the malware that leaked. Malware under the folder Reversed is either reversed, decompiled or partially reconstructed.

All passwords are stored with the .zip, and are almost always set to "infected".

Downloading the samples

  1. cd to theZoo. You will see "theZoo.py". You may need to execute "sudo chmod +x theZoo.py" for it to be able to execute.
  2. Start the console by running "python theZoo.py".
  3. Run "help" to see your available options.

Available commands:

search      Search for malwares according to a filter,
            e.g 'search cpp worm'.
list all    Lists all available modules
use         Selects a malware by ID
info        Retrieves information about malware
get         Downloads selected malware
report-mal  Report a malware you found
update-db   Updates the database
help        Displays this help...
exit        Exits...

  4. I suggest running "update-db" first.

mdb #> update-db
[+] theZoo is up to date.
[+] You are at 1596631782000 which is the latest version.

  5. "list all" will show all current malware samples.

  6. To download a specific malware:
  • list all > use % (for some reason they list the index of each sample with a "%"; just put in the corresponding number)

mdb #> use #
mdb malware listed here#> 

  • get # will (might - I have had issues with download errors on some) download the malware zip.
  • As you can see below, I have downloaded a few well-known samples and unzipped them so you can see what it looks like. All files download to the theZoo root folder.
  • Feel free to load them into ghidra (see my previous post on installing it) or modify the content for your own engineering purposes! Enjoy!
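As an added example (my own script, not part of the original post and not theZoo's own code), here is a small Python triage step to run on a downloaded archive before anything is unzipped: it records the archive's SHA-256 and lists each member from the zip central directory, which neither decrypts nor executes anything, and flags whether every member is actually marked encrypted, since the post notes these archives are locked for a reason. The sample archive the script builds for itself is a constructed placeholder (Python's zipfile cannot write password-protected entries, so it is unencrypted and the script reports exactly that); the member names are assumptions, not theZoo's.

```python
"""Added example (not from the original post or from theZoo): triage a
downloaded sample archive without extracting it.

Safe first steps on a freshly downloaded zip:
  1. hash the archive so the exact file you analysed can be referenced later;
  2. list its members from the central directory (names, sizes, CRCs) without
     extracting or running anything;
  3. confirm each member is flagged as encrypted, so an archive that is not
     actually locked is noticed before someone unzips it casually.
"""
import hashlib
import os
import tempfile
import zipfile

# Constructed placeholder content for the demo archive; NOT a real sample.
SAMPLE_MEMBERS = {
    "sample.bin": b"MZ\x90\x00 constructed placeholder, not a real sample\n",
    "README.txt": b"constructed placeholder notes\n",
}


def sha256_file(path):
    """Return the hex SHA-256 of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inspect_archive(path):
    """Describe a zip from its central directory only (no extraction).

    Returns a dict with the archive hash, one entry per member and an
    'all_encrypted' flag. Bit 0 of the zip general-purpose flag is the
    encryption bit, which zipfile exposes as ZipInfo.flag_bits; reading the
    central directory never decrypts or executes any member.
    """
    members = []
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            members.append({
                "name": info.filename,
                "size": info.file_size,
                "crc32": "%08x" % info.CRC,
                "encrypted": bool(info.flag_bits & 0x1),
            })
    return {
        "sha256": sha256_file(path),
        "members": members,
        # all() of an empty list is True, so an empty archive is reported
        # as not-encrypted rather than silently passing the check
        "all_encrypted": all(m["encrypted"] for m in members) if members else False,
    }


def make_sample_archive(directory=None):
    """Write a constructed, unencrypted demo zip and return its path.

    zipfile cannot create password-protected archives, so this stand-in is
    unencrypted; inspect_archive() should report all_encrypted=False for it.
    A fixed timestamp keeps the archive bytes (and hash) stable between runs.
    """
    directory = directory or tempfile.mkdtemp()
    path = os.path.join(directory, "constructed_sample.zip")
    with zipfile.ZipFile(path, "w", zipfile.ZIP_STORED) as zf:
        for name, data in SAMPLE_MEMBERS.items():
            info = zipfile.ZipInfo(name, date_time=(2020, 8, 5, 0, 0, 0))
            zf.writestr(info, data)
    return path


if __name__ == "__main__":
    report = inspect_archive(make_sample_archive())
    print("sha256:", report["sha256"])
    for m in report["members"]:
        print("%-20s %8d bytes  crc32=%s  encrypted=%s"
              % (m["name"], m["size"], m["crc32"], m["encrypted"]))
    print("all members encrypted:", report["all_encrypted"])
```

Point inspect_archive() at a real downloaded archive instead of the constructed one to get the same report; if all_encrypted comes back False on a sample you expected to be locked, treat the archive with extra care, since nothing stands between a double-click and the payload.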