MalSys
MalSys is a project designed to validate and analyze files for potential malware signatures.
Overview
MalSys is a versatile toolkit designed to assist in your malware analysis work. At present, it primarily leverages the MalwareBazaar API to retrieve information about a given file or hash. In essence, MalSys is a command line interface (CLI) tool that wraps most of the features the MalwareBazaar API exposes.
Installation
git clone https://github.com/UncleJ4ck/MalSys
cd MalSys
pip3 install -r requirements.txt
python3 main.py
python3 main.py <operation> <arguments>
Capabilities
- Download a sample from MalwareBazaar
python3 main.py download_sample --hash <SHA256 hash of the malware sample>
This command downloads, unzips, and stores the sample as a .exe or .bin file (or another extension, depending on the sample's file type).
- Scan a file using a file path or a hash
python3 main.py scan_file --hash 'hash of the sample'
python3 main.py scan_file --file 'path of the sample'
- Query an icon dhash using a file or a hash
python3 main.py query_icon_dhash --hash 'hash'
This command queries the MalwareBazaar API for the given dhash.
python3 main.py query_icon_dhash --file 'sample'
The features in MalSys mirror those on the MalwareBazaar API website, and this holds for every operation.
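The lookups above all reduce to one pattern: turn the argument into a SHA256 (hashing the file locally when a path is given instead of a hash) and send it to MalwareBazaar's get_info query. The following is an added example, not MalSys's own code; the endpoint and the field names follow the public MalwareBazaar API as I know it, and the replies are constructed so the block runs offline without making any request.

```python
import hashlib, json, re, tempfile  # stdlib only; runs offline
from pathlib import Path

MB_API_URL = "https://mb-api.abuse.ch/api/v1/"  # public endpoint the form below is POSTed to
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

def file_sha256(path):
    """Hash a local sample in 1 MiB chunks so large files are never fully loaded."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def resolve_hash(hash_or_path):
    """Accept a SHA256 string or a file path; always return a lowercase SHA256."""
    candidate = str(hash_or_path).strip().lower()
    if SHA256_RE.match(candidate):
        return candidate
    if Path(hash_or_path).is_file():
        return file_sha256(hash_or_path)
    raise ValueError("expected a SHA256 hash or a path to an existing file")

def build_get_info_form(sha256):
    """Form fields for MalwareBazaar's get_info query (POST body for MB_API_URL)."""
    return {"query": "get_info", "hash": sha256}

def summarize_response(body):
    """Reduce a get_info JSON reply to the fields an analyst triages first."""
    reply = json.loads(body)
    status = reply.get("query_status")
    if status != "ok" or not reply.get("data"):
        return {"status": status, "found": False}  # e.g. "hash_not_found"
    entry = reply["data"][0]
    return {"status": "ok", "found": True, "sha256": entry.get("sha256_hash"),
            "file_type": entry.get("file_type"), "signature": entry.get("signature"),
            "tags": entry.get("tags") or []}

def demo_scan_local_file():
    """Constructed run: hash a throwaway file, then parse constructed hit/miss replies."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"hello world")  # constructed, harmless content
        sha = resolve_hash(sample)
    hit = json.dumps({"query_status": "ok", "data": [{"sha256_hash": sha, "file_type": "exe",
                      "signature": "ExampleFamily", "tags": ["exe", "test"]}]})  # made-up values
    miss = json.dumps({"query_status": "hash_not_found"})
    return build_get_info_form(sha), summarize_response(hit), summarize_response(miss)
```

Handling the "hash_not_found" status explicitly matters in a triage script: an unknown hash is not evidence that a file is clean, only that MalwareBazaar has no record of it.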
Dockerfile
docker run -it malsys:latest
docker run -it malsys:latest python3 main.py 'operation' 'arguments'
TO-DO
- [ ] Addition of other free API services such as AlienVault, etc.
- [ ] Implementation of features like IOC scanning and Yara Generation
- [ ] Bug fixes
- [ ] Incorporation of live dynamic analysis via sandboxing and other methods