REMnux Configuration

REMnux is a Linux toolkit for reverse-engineering and analyzing malicious software, maintained by Lenny Zeltser. It is distributed as a pre-built Ubuntu-based VM with a curated collection of malware analysis tools already installed and configured. This is our primary analysis environment for this course.

Getting REMnux

Download the pre-built VM image from docs.remnux.org. Import it into VirtualBox (or your preferred hypervisor) and boot it. You do not need to install Linux from scratch.

At this point, you should have a running REMnux VM. If you don’t, go back and do that. I’ll wait.

System Configuration

First, make sure REMnux is up to date:

$ sudo apt update
$ sudo apt upgrade -y

Install Additional Tools

REMnux comes with many malware analysis tools pre-installed. The script provided for this course installs supplemental tools not included in the base image. Run it with:

$ curl -LO https://web.cecs.pdx.edu/~dmcgrath/courses/malware/setup.sh
$ chmod +x setup.sh
$ # edit the script to fill in the missing pieces near the bottom
$ ./setup.sh

This will take a while. When it’s done, reboot your VM to ensure everything is set up correctly, then log back in and launch a terminal.

Important: VM Snapshots

Before you begin any malware analysis, take a VM snapshot. This allows you to revert to a clean state at any time. In VirtualBox:

  1. Go to Machine > Take Snapshot
  2. Give it a descriptive name (e.g., “Clean baseline - post setup”)
  3. Before each assignment, revert to this snapshot or take a new one
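
The same snapshot routine can be driven from the host's command line with VBoxManage. This is an added example, not part of the course materials; it assumes the VM is registered in VirtualBox under the name "REMnux" and reuses the example snapshot name from step 2.

```shell
#!/bin/sh
# Added example, not course-provided code: VBoxManage equivalents of the GUI steps.
# Assumptions: the VM is registered as "REMnux"; run this on the host, not in the guest.
VM="${VM:-REMnux}"
SNAP="${SNAP:-Clean baseline - post setup}"

vm_running() {
    VBoxManage list runningvms | grep -Fq -- "\"$VM\" {"
}

snapshot_exists() {
    # Machine-readable output has one SnapshotName[-N]="..." line per snapshot.
    VBoxManage snapshot "$VM" list --machinereadable 2>/dev/null |
        grep '^SnapshotName' | grep -Fq -- "=\"$SNAP\""
}

take_baseline() {
    if snapshot_exists; then
        echo "snapshot '$SNAP' already exists on $VM; not overwriting" >&2
        return 1
    fi
    VBoxManage snapshot "$VM" take "$SNAP"
}

revert_to_baseline() {
    if ! snapshot_exists; then
        echo "no snapshot named '$SNAP' on $VM" >&2
        return 1
    fi
    # Restore needs the VM stopped. A hard power-off is fine here because
    # everything since the snapshot is being thrown away anyway.
    if vm_running; then
        VBoxManage controlvm "$VM" poweroff || return 1
        while vm_running; do sleep 1; done
    fi
    VBoxManage snapshot "$VM" restore "$SNAP"
}

case "${1:-}" in
    take)   take_baseline ;;
    revert) revert_to_baseline ;;
esac
```

Save it on the host and run it with `take` once after setup and `revert` before each assignment; set `VM` or `SNAP` in the environment if your names differ.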

Never execute malware outside your VM. If in doubt, revert to a clean snapshot.