FireEye Flare REM

A few weeks back the FireEye team released their version of a REM (reverse-engineering malware) box called "Flare", a customizable VM for analyzing malware. It comes with a full suite of tools installed, including:

Debuggers
====
* OllyDbg + OllyDump + OllyDumpEx
* OllyDbg2 + OllyDumpEx
* x64dbg
* WinDbg

Disassemblers
====
* IDA Free
* Binary Ninja Demo

Java
====
* JD-GUI

Visual Basic
====
* VBDecompiler

Flash
====
* FFDec

.NET
====
* ILSpy
* dnSpy
* DotPeek
* De4dot

Office
====
* Offvis

Hex Editors
====
* FileInsight
* HxD
* 010 Editor

PE
====
* PEiD
* ExplorerSuite (CFF Explorer)
* PEview
* DIE

Text Editors
====
* SublimeText3
* Notepad++
* Vim

Utilities
====
* MD5
* 7zip
* PuTTY
* Wireshark
* RawCap
* Wget
* UPX
* Sysinternals Suite
* API Monitor
* SpyStudio
* Checksum
* UnxUtils

Python, Modules, Tools
====
* Python 2.7
* Hexdump
* PEFile
* WinAppDbg
* FakeNet-NG
* Vivisect
* FLOSS
* FLARE_QDB
* PyCrypto
* Cryptography

Other
====
* VC Redistributable Modules (2008, 2010, 2012, 2013)

The project does say you can install this on a Windows 7 box, but I ran into some issues and opted to do a clean install of Windows 10 instead. Once upgraded, the FireEye Flare installer seemed to work better. Visit the project's GitHub page for installation and additional information: https://github.com/fireeye/flare-vm

Installation is very easy: simply open

http://boxstarter.org/package/url?https://raw.githubusercontent.com/fireeye/flare-vm/master/flarevm_malware.ps1

in Microsoft Edge or IE. This spawns the Boxstarter process, which starts the installation. Keep in mind that the install can take a while to complete. After that you should have a pretty solid foundation for analyzing malware, and once the install is complete you can add any other apps you need for your tool belt.

Thanks to Peter for his work.
