REMnux is a Linux distribution based on Ubuntu that includes a curated collection of free tools for reverse-engineering and analyzing malicious software. Flare VM is a fully customizable, Windows-based malware analysis security distribution.
If you combine REMnux and Flare VM, you get a powerful malware analysis toolkit that is both free and open source.
This article shows how to set up the network between REMnux and Flare VM inside VirtualBox for malware analysis.
Get the Virtual Appliance
Remnux:
https://docs.remnux.org/install-distro/get-virtual-appliance
Windows:
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Flare VM:
https://github.com/mandiant/flare-vm
Credentials:
Remnux:
Full name: REMnux User
Username: remnux
Password: malware
Windows:
Passw0rd!
1. Import the REMnux OVA into VirtualBox
File -> Import Appliance -> File location of remnux.ova
or simply press the shortcut key ctrl + I
2. Import the Windows OVA appliance (assuming you have already set up Flare VM on Windows 10)
3. Set up the network configuration.
3.1 Go to the Host Network Manager: File -> Host Network Manager -> Create Host-Only Network
3.2 Attach a network adapter to REMnux
Go to the settings of the REMnux VM and then go to Network.
Remnux VM Settings -> Network -> Adapter 2 -> Enable Network Adapter -> attached to Host-Only Adapter -> (Name of Host-only network) vboxnet0 in my case
3.3 Attach a network adapter to Flare VM
Flare VM Settings -> Network -> Adapter 1 -> Enable Network Adapter -> attached to Host-Only Adapter -> (Name of Host-only network) vboxnet0 in my case
4. Boot up REMnux and open the terminal. Check the name of the network adapter:
ip addr
Set up the static IP address. In my case, enp0s17 is my NAT network adapter, which is connected to the internet, and enp0s8 is the host-only adapter that is connected to Flare VM.
Edit the 01-netcfg.yaml file using nano (root privileges are needed to write under /etc/netplan):
sudo nano /etc/netplan/01-netcfg.yaml
01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s17:
      dhcp4: yes
    enp0s8:
      dhcp4: no
      addresses: [192.168.56.2/24]
Save the file and reboot REMnux.
5. Boot up Windows (Flare VM)
Click the network adapter icon and open Network and Internet Settings, which is located in the bottom left of the taskbar.
Click Change adapter options.
6. Test it out
Open a terminal in REMnux and type:
fakedns
Then open CMD on Flare VM and ping a website to test it out:
ping google.com
Result: it just works.
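What makes the ping "just work" is that fakedns on REMnux answers every DNS query with its own address, so anything the sample tries to contact ends up talking to the analysis box instead of the internet. The following is an added example (not part of the original article, and not the fakedns tool itself) that builds a query like the one Flare VM's resolver sends and shows the minimal responder logic; it assumes REMnux keeps the 192.168.56.2 address from the netplan step and that Flare VM's DNS server is set to that address.

```python
import socket
import struct

REMNUX_IP = "192.168.56.2"  # host-only address given to REMnux in the netplan step (assumed)


def _read_name(pkt: bytes, off: int):
    """Parse an uncompressed DNS name starting at off; return (name, offset after it)."""
    labels = []
    while True:
        ln = pkt[off]
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), off


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A query, the kind 'ping google.com' triggers on Flare VM."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # QDCOUNT=1, RD set
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def fake_answer(query: bytes, answer_ip: str = REMNUX_IP) -> bytes:
    """Answer any A query with answer_ip, which is what fakedns does for the lab network."""
    txid = struct.unpack("!H", query[:2])[0]
    _name, off = _read_name(query, 12)
    question = query[12:off + 4]  # name + QTYPE + QCLASS, echoed back unchanged
    # flags 0x8180: response, recursion desired and available; 1 question, 1 answer
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the name in the question section
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return header + question + rr


def answered_ip(response: bytes) -> str:
    """Extract the A record from a response produced by fake_answer."""
    _name, off = _read_name(response, 12)
    off += 4   # skip QTYPE/QCLASS of the echoed question
    off += 12  # skip name pointer, type, class, TTL and RDLENGTH of the answer
    return socket.inet_ntoa(response[off:off + 4])


def serve(bind_ip: str = REMNUX_IP, port: int = 53) -> None:
    """Run the responder on the host-only interface (needs root for port 53)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_ip, port))
        while True:
            data, peer = s.recvfrom(512)
            s.sendto(fake_answer(data), peer)
```

Pointing Flare VM's DNS at 192.168.56.2 and running serve() on REMnux reproduces the fakedns behaviour the test step relies on; a query for any name comes back resolving to REMnux.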
Remember to take a snapshot and harden your host OS to prevent malware from escaping. We can use file transfer techniques such as a Python HTTP server to move files between the two VMs.