📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered by GitBook

Get the Virtual Appliance

The easiest way to get the REMnux distro is to download the REMnux virtual appliance in the OVA format, import it into your hypervisor, then run the upgrade command to make sure it's up-to-date. The virtual appliance is based on Ununtu 18.04.

Step 1: Download the Virtual Appliance File

The REMnux virtual appliance just over 54 GB. It comes as the industry-standard OVA file, which you can import into your virtualization software.

Pick one OVA file to download: Unless you're using Oracle VM VirtualBox, get the general OVA file. If you're using VirtualBox, get the VirtualBox version.

General OVA Link
VirtualBox OVA Link
General OVA Link

Download the REMnux general OVA file from one of these locations:

VirtualBox OVA Link

Download the REMnux VirtualBox OVA from one of these locations:

Some browsers change the extension of the OVA file after downloading it, possibly giving it the incorrect .ovf extension. If that happens, rename the file so it has the .ova extension.

Step 2: Confirm the Hash the OVA File

Validate the SHA-256 hash of the downloaded file using a tool such as sha256sum or shasum to make sure it matches this expected value:

General OVA Hash
VirtualBox VM Hash
General OVA Hash
0fd090c1a7f60db557c4004308fb6fa7f72531a1777278c93f50979d0ed55994
VirtualBox VM Hash
711be9f5966980991f8fb07ba789c993afd9ea0bfeb992b10bd3da1164ba431b

Step 3: Import the OVA File

If possible, upgrade your virtualization software to the latest version. Then, use it to import the downloaded OVA file. If you're not sure how to do that, follow the instructions below:

Direct Import
Conversion
Direct Import
Conversion

When importing the REMnux virtual appliance, allocate resources such as RAM and disk space based on what you have available. REMnux is a relatively lightweight distro, but the more you allocate to it, the faster it will run.

Step 4: Start the REMnux Virtual Machine

Once you start your REMnux virtual machine, it will automatically log you into the REMnux environment.

There is no logon screen for accessing the REMnux environment, because analysts generally use REMnux on a system to which physical access is already restricted. When you need to elevate your privileges or access the REMnux virtual appliance remotely, note the follow default credentials:

Username: remnux Password: malware

If necessary, change the keyboard layout of your system to match your locale and setup.

Step 5: Consider Special Hypervisor Requirements

Depending on which hypervisor or environment you're using, you might need to take the following steps:

VirtualBox

If your REMnux window is too small when you boot it up the system in VirtualBox, increase its scaling from 100% by going to the VirtualBox menu View > Virtual Screen 1. The best scaling factor depends on the size and resolution of your physical screen, but Scale to 200% often works well.

Remote Cloud, Such as AWS

The REMnux virtual appliance ships in "dedicated" installation mode, which automatically turns off the SSH daemon. This configuration is generally desirable when running REMnux in a local lab. If you're deploying the virtual appliance in a cloud environment, you might need to keep SSH enabled to remotely access your REMnux system. In that case:

  1. Edit the /etc/remnux-config and change the mode from dedicated to cloud.

  2. Enable the SSH daemon by running: sudo systemctl enable ssh.

  3. Change the default user's password and otherwise strengthen the SSH authentication method according to your requirements and risk tolerance.

  4. Reboot your REMnux system.

KVM/QEMU

If you converted the REMnux virtual appliance to KVM/QEMU, install install the "spice-vdagent" package in the virtual machine to be able to resize the windows of your VM and copy/paste between it and your host.

Proxmox

If you're planning to use the REMnux virtual appliance in Proxmox, follow the steps in this article to import the OVA. Once done, consider taking the following steps using the Proxmox interface:

  1. VM > Hardware > Display > Set to -> SPICE(qxl)

  2. VM > Hardware > Option > Spice Enhancements > Video Streaming: all

Step 5: Upgrade the REMnux Virtual Machine

After installing the REMnux virtual machine, run the following command inside the VM to upgrade it to the latest version of the distro:

remnux upgrade

For more details about keeping your REMnux environment current, so you benefit from the latest enhancements, see the Keeping REMnux Up to Date section.

Step 6: Take a Snapshot of the Virtual Machine

Consider taking a snapshot of your REMnux virtual machine, so you can return it to a known good state if the need arises.

Previous
REMnux: A Linux Toolkit for Malware Analysis
Next - Install the Distro
Install from Scratch
Last updated 1 day ago
Contents
Step 1: Download the Virtual Appliance File
Step 2: Confirm the Hash the OVA File
Step 3: Import the OVA File
Step 4: Start the REMnux Virtual Machine
Step 5: Consider Special Hypervisor Requirements
VirtualBox
Remote Cloud, Such as AWS
KVM/QEMU
Proxmox
Step 5: Upgrade the REMnux Virtual Machine
Step 6: Take a Snapshot of the Virtual Machine