Welcome to my malware analysis repository. This is where I document my process of analyzing real-world malware samples in a safe, controlled lab environment.
Malware analysis is the process of studying malicious software to understand its behavior, origin, functionality, and potential impact. Typical goals include:
- Understand indicators of compromise (IOCs)
- Extract configuration and C2 information
- Develop detection rules (YARA, Sigma, etc.)
- Reverse engineer obfuscated code
To safely study malware, I set up a segmented virtual lab consisting of:
- FLARE VM – A Windows analysis VM preloaded with tools for static/dynamic analysis and reverse engineering.
- REMnux – A Linux distro focused on malware network behavior and unpacking tools.
- Isolated Virtual Network – All VMs are isolated from the internet to prevent accidental spread or callbacks.
Full setup details are in Setup.md.
This repository contains:
- 📝 Writeups of malware samples I’ve analyzed.
- 🔍 Observations of malware behavior (file drops, registry changes, C2s).
- 🧩 Reverse engineering breakdowns (disassembly, deobfuscation).
- 🛡️ Detection ideas (YARA rules, IOCs).
Each analysis writeup will include:
- Sample info (hashes, type, packer)
- Tools used
- Behavior overview
- Network activity
- Strings and configuration extraction
- Static vs dynamic insights
This repository is for educational and research purposes only.
Do not attempt to run malware samples unless you are in a properly isolated and controlled environment. I take no responsibility for misuse.
Thank you for stopping by!