Viper - Binary analysis framework

Viper is a platform designed to organize a malware library.
The project website defines Viper as:

"Viper is a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples as well as your collection of scripts you created or found over the time to facilitate your daily research."

Normally, when analyzing malware, whether for an investigation, for fun, or because we want to analyze a specific variant, it is not unusual to end up with several samples to review.
Viper helps with the job of classifying and reviewing those samples.

To try it out, we download the latest version from GitHub:


root@ecrime:~/tools/malware# git clone https://github.com/botherder/viper
Cloning into 'viper'...
remote: Counting objects: 3054, done.
remote: Total 3054 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3054/3054), 1.28 MiB | 0 bytes/s, done.
Resolving deltas: 100% (1909/1909), done.

Checking connectivity... done.

Once Viper is downloaded, we install the required libraries:


root@ecrime:~/tools/malware/viper# pip install -r requirements.txt 
Requirement already satisfied (use --upgrade to upgrade): python-magic in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Requirement already satisfied (use --upgrade to upgrade): pefile in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 2))
Requirement already satisfied (use --upgrade to upgrade): PrettyTable in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 3))
Requirement already satisfied (use --upgrade to upgrade): pydeep in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 4))
Requirement already satisfied (use --upgrade to upgrade): requests in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 5))
Requirement already satisfied (use --upgrade to upgrade): SQLAlchemy in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 6))
Requirement already satisfied (use --upgrade to upgrade): pycrypto in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 7))
Downloading/unpacking OleFileIO-PL (from -r requirements.txt (line 8))
  Downloading OleFileIO_PL-0.42.1.zip (120kB): 120kB downloaded
  Running setup.py (path:/tmp/pip_build_root/OleFileIO-PL/setup.py) egg_info for package OleFileIO-PL
    
Requirement already satisfied (use --upgrade to upgrade): olefile in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 9))
Requirement already satisfied (use --upgrade to upgrade): BeautifulSoup4 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 10))
Requirement already satisfied (use --upgrade to upgrade): bottle in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 11))
Requirement already satisfied (use --upgrade to upgrade): pylzma in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 12))
Requirement already satisfied (use --upgrade to upgrade): pyelftools in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 13))
Requirement already satisfied (use --upgrade to upgrade): bitstring in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 14))
Requirement already satisfied (use --upgrade to upgrade): dnspython in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 15))
Requirement already satisfied (use --upgrade to upgrade): pyexiftool from git+https://github.com/smarnach/pyexiftool.git in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 16))
Requirement already satisfied (use --upgrade to upgrade): pyasn1 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 17))
Requirement already satisfied (use --upgrade to upgrade): M2Crypto in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 18))
Installing collected packages: OleFileIO-PL
  Running setup.py install for OleFileIO-PL
    
Successfully installed OleFileIO-PL

Cleaning up...

Creating a project with Viper

The first thing to do is create a project with Viper:



As you can see, the project has no samples yet, since we have just created it.
Next, we add samples so we can analyze them.


Adding samples to the Viper project
In the image I have highlighted the file type, along with the tags I wanted to mark these samples with.

To list the files that have been added to the project:

Finding the files in the current Viper project

Viper lets you analyze each file in detail and obtain information about it; let's walk through an example with one of them:


File details
Before working with a file, it has to be opened first. Entering the info command shows information about it.
Working directly with the open file, we can obtain the same information we would get from tools such as pefile!


Extracting information from a file
Another feature I found interesting is being able to look the sample up on VirusTotal by hash:


Checking a hash in Viper
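To show what the commands above actually compute, here is an added example (mine, not Viper's own code or module set) that reproduces the kind of output the info and pe commands give, keeps a tag-based store like a Viper project, and prepares and summarises the VirusTotal hash lookup. It uses only the Python standard library, so the PE header parsing is hand-rolled rather than pefile. Assumptions: the 200-byte PE-shaped blob is constructed inside the script for offline runs and is not malware; the VirusTotal endpoint is the v2 file-report API (the one Viper's virustotal module used at the time) and the API key is a placeholder; `SampleStore` and the function names are mine.

```python
"""Added example, not Viper's own code: what `info`, `pe sections`, tags and
the VirusTotal lookup compute, with the standard library only. The sample
PE blob is constructed here (not malware); the VT key is a placeholder."""
import hashlib
import math
import struct
import zlib
from collections import Counter

VT_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"  # VT API v2


def shannon_entropy(data):
    """Bits per byte; packed or encrypted sections sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def guess_type(data):
    """Tiny magic-number check standing in for python-magic."""
    if data[:2] == b"MZ":
        return "PE32 executable (MS-DOS stub)"
    if data[:4] == b"\x7fELF":
        return "ELF executable"
    if data[:4] == b"%PDF":
        return "PDF document"
    return "data"


def sample_info(data):
    """The fields Viper's `info` command prints for the open file."""
    return {
        "size": len(data),
        "type": guess_type(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_summary(data):
    """DOS header -> PE signature -> COFF header -> section table, reporting
    each section with its entropy, like `pe sections`. ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, _, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": hex(vaddr),
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2),
        })
    return {"machine": hex(machine), "timestamp": timestamp, "sections": sections}


class SampleStore:
    """In-memory stand-in for a Viper project: samples keyed by SHA256 so a
    re-added file is not duplicated, with tags merged on each add."""

    def __init__(self):
        self.samples = {}

    def add(self, name, data, tags=()):
        info = sample_info(data)
        entry = self.samples.setdefault(
            info["sha256"], dict(info, name=name, tags=set()))
        entry["tags"].update(tags)
        return info["sha256"]

    def find(self, tag=None, name=None):
        """Equivalent of `find tag <t>` / `find name <n>`."""
        return [s for s in self.samples.values()
                if (tag is None or tag in s["tags"])
                and (name is None or name in s["name"])]


def vt_report_params(sha256, api_key):
    """Query parameters for the v2 file report (send with
    requests.get(VT_REPORT_URL, params=...)); the lookup is by hash only,
    so the sample itself never leaves the analyst's machine."""
    return {"resource": sha256, "apikey": api_key}


def vt_summarise(report):
    """Parsed v2 JSON -> detection count and the engines that flagged it;
    response_code 0 means VirusTotal has never seen that hash."""
    if report.get("response_code") != 1:
        return None
    hits = {av: r["result"] for av, r in report["scans"].items() if r["detected"]}
    return {"positives": report["positives"], "total": report["total"], "hits": hits}


def build_test_pe():
    """Constructed 200-byte PE-shaped blob (not malware): empty optional
    header and two sections, one NOP-filled (entropy 0), one varied."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1400000000, 0, 0, 0, 0x102)

    def section(name, vaddr, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x100, vaddr, 16, rawptr,
                           0, 0, 0, 0, 0x60000020)
    return (bytes(dos) + b"PE\0\0" + coff
            + section(b".text", 0x1000, 0xA8) + section(b".data", 0x2000, 0xB8)
            + b"\x90" * 16 + bytes(range(16)))


if __name__ == "__main__":
    store = SampleStore()
    h = store.add("sample.exe", build_test_pe(), tags=["dropper", "campaign-x"])
    print(store.samples[h])
    print(pe_summary(build_test_pe()))
    print(vt_report_params(h, "YOUR_VT_API_KEY"))  # placeholder key
```

Keying the store on SHA256 is what makes re-adding a renamed copy of the same sample a no-op that only merges tags, which is the behaviour you want when several analysts drop files into one project; the per-section entropy is the quickest hint that a sample is packed before you spend time on it.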
Viper is certainly a framework we can get a lot out of, especially if analyzing malware is part of our daily work.

Viper project => https://github.com/botherder/viper
