Published on January 25th, 2011 | by NJ Ouchn0
REMnux The Linux Distribution for Reverse-Engineering Malware v.2.0 Released
REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.
REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that’s listening on the appropriate ports.
You can learn about malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking my course on Reverse-Engineering Malware (REM) at SANS Institute.
Originally released in 2010, REMnux has been updated to version 2 in 2011.
What REMnux Is Not
REMnux isn’t a fancy distribution that was built from scratch… In simple terms, it’s trimmed-down version of Ubuntu and has various useful malware tools set up on it.
REMnux does not aim to include all malware analysis tools in existence. Many of these tools are designed to work on Windows, and investigators prefer to use Windows systems for running such tools. If you are interested in running Windows analysis tools on a Linux platform, take a look at the Zero Wine project.
If you are looking for a more full-featured Linux distribution focused on forensic analysis, take a look at SANS Investigative Forensic Toolkit (SIFT) Workstation.
Malware Analysis Tools Set Up On REMnux
Interacting with web malware: TinyHTTPd, Paros proxy, Burp Suite Free Edition, stunnel, VirusTotal VTzilla, User Agent Switcher, Tor and torsocks with “usewithtor”). To launch the Tor daemon, type “tor start“; to shut it down “tor stop“.