Cloud Hosted Malware Analysis Machine
Set up an Amazon server that hosts a Windows machine with FlareVM, and a server running Apache Guacamole that can be used to supply a virtual network for transferring malicious files.
You should already have a verified AWS account that is ready to set up cloud-based virtual machines.
We are going to configure a new VM instance in the AWS Instance Manager with Windows 2022 Base selected.
We are then going to create a new RSA key pair with default settings and set the instance type to medium.
Once our VM is powered up and ready, we can open Microsoft Edge and download this GitHub script: https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1
Once the FlareVM installer has been downloaded, we can run the file in PowerShell with .\install.ps1. This process might take a while...
We will now add a new user to the AmazonEC2FullAccess user group with a new access key and make sure console sign-in is enabled.
Now, we will move on to an Ubuntu terminal and set up Terraform. It is recommended that you make a new folder for this project. The Terraform setup can be found at https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
After Terraform is installed, you can install the AWS CLI with this command: sudo apt install awscli -y
You can then clone this repo for the network preset: git clone https://github.com/adanalvarez/AWS-malware-lab
Finally, we can configure Terraform with a new file in your folder: nano shared.auto.tfvars.json
Add this configuration, with all of your current account information updated:
{
  "environment": "malware-lab",
  "ami": "ami-xxxxxxxxxxxxxxxxx",
  "account": "222222222222",
  "region": "us-east-1",
  "enable_guacamole": false,
  "enable_inetsim": true
}
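A pre-flight check for the file above, as an added example that is not part of the original page or of the AWS-malware-lab repo: it catches values left at the sample placeholders and wrong JSON types before Terraform reads the file. The key names and types are assumed from the sample on this page, the AMI and account ID shapes are general AWS conventions, and the function name check_tfvars is hypothetical.

```python
import json
import re
import sys

# Key names and types are taken from the sample shared.auto.tfvars.json on this
# page; they are an assumption about what the lab's Terraform code expects.
EXPECTED = {"environment": str, "ami": str, "account": str, "region": str,
            "enable_guacamole": bool, "enable_inetsim": bool}
AMI_RE = re.compile(r"ami-(?:[0-9a-f]{8}|[0-9a-f]{17})")  # general AWS AMI ID shape
REGION_RE = re.compile(r"[a-z]{2}(?:-[a-z]+)+-\d")        # e.g. us-east-1
PLACEHOLDER_ACCOUNT = "222222222222"                      # value in the page's sample


def check_tfvars(text):
    """Return a list of problems found in the tfvars JSON text (empty = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key, typ in EXPECTED.items():
        if key not in cfg:
            problems.append(f"missing key: {key}")
        elif not isinstance(cfg[key], typ):
            # Catches "true" written as a string or an account ID written as a number
            problems.append(f"{key}: expected {typ.__name__}, got {type(cfg[key]).__name__}")
    for key in sorted(set(cfg) - set(EXPECTED)):
        problems.append(f"unexpected key (typo?): {key}")
    ami, account, region = cfg.get("ami"), cfg.get("account"), cfg.get("region")
    if isinstance(ami, str) and not AMI_RE.fullmatch(ami):
        problems.append("ami: placeholder or malformed AMI ID")
    if isinstance(account, str):
        if not re.fullmatch(r"\d{12}", account):
            problems.append("account: must be a 12-digit AWS account ID")
        elif account == PLACEHOLDER_ACCOUNT:
            problems.append("account: still the sample placeholder")
    if isinstance(region, str) and not REGION_RE.fullmatch(region):
        problems.append("region: does not look like an AWS region name")
    return problems


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "shared.auto.tfvars.json"
    with open(path, encoding="utf-8") as fh:
        found = check_tfvars(fh.read())
    print("\n".join(found) if found else "OK")
    sys.exit(1 if found else 0)
```

Run it from the project folder before starting Terraform; it exits non-zero and lists each problem when the file still needs editing.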