Looking for a place to download raw malware for analysis and even exploit development? After using multiple repositories for one-by-one download and analysis, I have finally found that theZoo is a regularly updated repository with everything you need. Below I will walk you through downloading the repository and some basic use cases.
First, a shout out to DAS MALWERK and crackmes for your efforts in so many engineers learning!
theZoo:
First, a warning! Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing!
I prefer to run all my analysis on my Cuckoo workstation, so that if I let one of these things run wild in a VM, I can easily recover.
Getting Started
Clone the repository with git clone https://www.github.com/ytisf/theZoo. Go to the directory and run pip install --user -r requirements.txt. This should install all the latest requirements needed.
1) git clone https://www.github.com/ytisf/theZoo
2) cd theZoo
3) pip install --user -r requirements.txt
Know the structure
/conf - The conf folder holds files that control how the program runs but are not part of the application itself. You can find the EULA file in conf, among others.
/imports - Contains .py import files used by the rest of the application
/malwares/Binaries - The actual malware samples - be careful! These are very live.
/malware/Source - Malware source code.
Malware under the folder Original is supposed to be (NO PROMISES!) the original source of the malware that leaked. Malware under the folder Reversed is either reversed, decompiled or partially reconstructed.
All samples ship as password-protected .zip files. The password is almost always "infected".
Downloading the samples
1. cd to theZoo. You will see "theZoo.py". You may need to run "sudo chmod +x theZoo.py" to make it executable.
2. Start the console by running "python theZoo.py".
3. Run "help" to see your available options.
Available commands:
  search      Search for malwares according to a filter,
              e.g 'search cpp worm'.
  list all    Lists all available modules
  use         Selects a malware by ID
  info        Retreives information about malware
  get         Downloads selected malware
  report-mal  Report a malware you found
  update-db   Updates the databse
  help        Displays this help...
  exit        Exits...
4. I suggest running "update-db" first.
mdb #> update-db
[+] theZoo is up to date.
[+] You are at 1596631782000
which is the latest version.
5. "list all" will show all current malware samples.
6. To download a specific malware:
- Run "list all", then "use #" (the listing shows each index prefixed with a "%"; just type the corresponding number).
mdb #> use #
mdb malware listed here#>
- "get #" will download the malware zip (it might fail; I have had download errors on some samples).
- As you can see below, I have downloaded a few well-known samples and unzipped them so you can see what it looks like. All files download to the theZoo root folder.
- Feel free to load them into Ghidra (see my previous post on installing it) or modify the content for your own engineering purposes! Enjoy!
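Once a sample zip is on disk, the first thing to do is look at it without running or extracting anything. The script below is an added example written for this post, not theZoo's own code: it reads a theZoo-style archive entirely in memory using the "infected" password, hashes and fingerprints each member by its leading bytes, and flags entries whose paths would escape the extraction directory. The archive it builds for itself is a constructed, harmless stand-in, not a real sample.

```python
import hashlib
import io
import zipfile

# The post says theZoo archives are almost always locked with this password.
PASSWORD = b"infected"
# Leading bytes of file types commonly found in sample archives.
MAGIC = {b"MZ": "PE (Windows executable)", b"\x7fELF": "ELF executable",
         b"%PDF": "PDF document", b"PK\x03\x04": "ZIP archive"}

def file_kind(head: bytes) -> str:
    """Classify a member by its first bytes instead of trusting its extension."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return "unknown"

def unsafe_member_name(name: str) -> bool:
    """True for absolute paths, drive letters or '..' components (zip-slip style entries)."""
    parts = name.replace("\\", "/").split("/")
    return parts[0] == "" or ":" in parts[0] or ".." in parts

def triage_zip(archive: bytes, password: bytes = PASSWORD) -> list[dict]:
    """Hash and classify every member in memory; nothing is written to disk or executed."""
    report = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            entry = {"name": info.filename, "size": info.file_size,
                     "unsafe_path": unsafe_member_name(info.filename)}
            if not entry["unsafe_path"]:
                # zipfile uses pwd only for encrypted (ZipCrypto) members and ignores it otherwise.
                with zf.open(info, pwd=password) as fh:
                    blob = fh.read()
                entry["sha256"] = hashlib.sha256(blob).hexdigest()
                entry["md5"] = hashlib.md5(blob).hexdigest()
                entry["kind"] = file_kind(blob[:4])
            report.append(entry)
    return report

def build_sample_archive() -> bytes:
    """Constructed stand-in for a downloaded theZoo zip: unencrypted, harmless stubs only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.exe", b"MZ" + b"\x00" * 62)      # fake PE header, not a real binary
        zf.writestr("../escape.txt", b"would land outside")  # traversal entry that must be flagged
    return buf.getvalue()
```

The standard-library zipfile module only decrypts the legacy ZipCrypto scheme; if an archive turns out to be AES-encrypted, swap in the third-party pyzipper package, which exposes the same open/read interface.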