ANY.RUN Sandbox: Analysis of Linux Malware

The ANY.RUN sandbox has recently been updated to support Linux, strengthening its ability to provide a safe, isolated environment for examining malware and conducting threat analysis.

The new feature lets security analysts examine and reproduce malicious behaviour on Linux-based systems, giving them a broader and more effective view of threats and how to respond to them.

ANY.RUN is a cloud-based environment for analyzing Windows malware and Linux-based samples. It is useful for malware analysts and for SOC and DFIR teams: with ANY.RUN, users can safely examine threats, simulate different scenarios, and gain insight into malware behavior to improve their cybersecurity strategies.

Linux malware analysis is necessary because Linux is a popular target for attackers, and Linux malware is increasingly sophisticated.

Linux is widely used in organizational IT infrastructures, resulting in many files that need to be analyzed on these systems.

Researchers at IBM have noticed an increase in Linux malware. In 2020, the number of malware families related to Linux increased by 40%.

Compromising Linux-based cloud computing platforms could allow attackers access to massive resources, making the OS an appealing target.


How to Create a New Task in Linux

You can select Linux as the operating system from the drop-down menu when creating a new task.

According to the ANY.RUN report, if you choose this option, the sample will run on Ubuntu. Ubuntu 22.04.2 will be supported at launch, and all ANY.RUN users, regardless of their plan, will have access to Linux.

The Ubuntu logo marks Linux samples to help with navigation, making it easy to tell Windows and Linux-based tasks apart on the team's homepage and in the sidebar quick menu.

Enhancing Linux Malware Analysis with ANY.RUN

ANY.RUN, a platform for interactive malware analysis, has for the first time extended the analysis capabilities it offers for Windows samples to Linux.

The platform helps analysts quickly identify previously undetected threats through interactive analysis, even in the case of zero-day vulnerabilities, while using fewer resources. This also makes it well suited to training entry-level analysts and reverse engineers.

ANY.RUN's interactive analysis allows suspicious activities to be identified rapidly, with real-time alerts ensuring that no critical information is overlooked.

When a task completes, a concise report is generated that provides access to all relevant data and IOCs, making further investigation or incident response easier.

The platform also provides a MITRE Matrix report that helps identify the kind of threat or malware family based on the suspicious behaviors recorded during the Linux sandbox task. This is handy for quickly mapping suspicious behaviors to TTPs.

For more information on ANY.RUN features, you can learn about the platform's capabilities by visiting ANY.RUN.

Advantages of using ANY.RUN to analyze Linux malware

Linux-based operating systems are inherently more secure than Windows. However, many malware families still exploit vulnerabilities in Linux, and such malware is complex and difficult to identify.

ANY.RUN provides an easy way to analyze Linux malware and obtain real-time information from the analysis.

This removes the need for security experts to have reverse engineering skills in order to identify complex Linux malware and quickly extract the required IOCs. The results are immediately understandable, allowing analysts to proceed efficiently without context switching.

ANY.RUN is a cost-effective solution that eliminates the need for custom infrastructure. With preconfigured Linux virtual machines (VMs) that gather IOCs, customers avoid the weeks of DevOps setup time that building their own infrastructure would require.

In addition to being a stand-alone research platform, ANY.RUN can also be integrated with SIEM/SOAR tools. Accurate analysis of Linux malware is crucial for strong security, as Linux is widely used, particularly in cloud hosting, which makes it a desirable target for attackers.

Breaching a Linux-based system can provide access to a wealth of resources, so Linux users need to be aware of the growing threats to their devices.

ANY.RUN is a cloud-based malware sandbox for SOC and DFIR teams. Its advanced features let 300,000 professionals investigate incidents and streamline threat analysis. Try all features of ANY.RUN at zero cost for 14 days with a free trial.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.