malboxes icon indicating copy to clipboard operation
malboxes copied to clipboard
verified publisher icon GoSecure

Alternative File Sharing for Malware Samples

Open Corb3nik opened this issue 8 years ago • 3 comments

Some malware samples fail to infect the VM properly when run inside VBox's shared folder.

I don't know the root cause as to why these samples fail, but as discussed with @obilodeau, it might be a good idea to find an alternative solution for sharing malware samples.

Corb3nik avatar Mar 31 '17 19:03 Corb3nik

This could be 2 different things:

  1. running from a share in general some malware might not be ready to run from a network share in general. Firs copying to c:\temp or something like that would probably fix the issue.

  2. anti-anti-malware / sandbox detection< The network sharing in the virtual box requires the vbox drivers to be installed - which is detected by some malware. To avoid this it might be possible to use ftp or http from the host system (which would require ftp-server or http-server on the host system).

malwarenights avatar Apr 10 '17 03:04 malwarenights

Is there any updates on this? Regarding the 2 recommendations by @malwarenights, I know VMCloak transfers files by HTTP with the agent running INSIDE the VM but that would require a client inside and I don't think we would want that. Vagrant can upload files with the file provisioner so I think we should go with that and upload them to temp or, even better, to a configurable path. Thoughts?

Svieg avatar Apr 22 '17 05:04 Svieg

Yes, having an additional method of file sharing (more like file copying to the VM) would be interesting and I would support that development.

obilodeau avatar Oct 03 '19 04:10 obilodeau