• At least 5 GB of RAM

• VT-X extensions strongly recommended

• Install git, vagrant and packer using your distribution’s packaging tool (packer is sometimes called packer-io)

• pip install malboxes:

  sudo pip3 install git+https://github.com/GoSecure/malboxes.git#egg=malboxes

This creates your base box that is imported in Vagrant. Afterwards you can re-use the same box several times per sample analysis.

Run:

You can also list all supported profiles with:

This will build a Vagrant box ready for malware investigation you can now include it in a Vagrantfile afterwards.

For example:

If you want to customize your configuration, look at the following location for a config.js file:

• Linux/Unix: ~/.config/malboxes/

• Mac OS X: ~/Library/Application Support/malboxes/

• Win 7+: C:\Users\<username>\AppData\Local\malboxes\malboxes\

This will create a Vagrantfile prepared to use for malware analysis. Move it into a directory of your choice and issue:

By default the local directory will be shared in the VM on the Desktop. This can be changed by commenting the relevant part of the Vagrantfile.

For example:

Introduction video

• Introductory blog post: http://gosecure.net/2017/02/16/introducing-malboxes-a-tool-to-build-malware-analysis-virtual-machines/

malboxes was presented at NorthSec 2016 in a talk titled Applying DevOps Principles for Better Malware Analysis given by Olivier Bilodeau and Hugo Genesse

• Slides (HTML, best)

• Slides (PDF, degraded)

• Video