Technical Malware Test
Overview
The Malware Simulation Toolkit mimics the behavior of various types of malware on the computer it runs on. Because it does so deliberately, using it without appropriate precautions can raise concerns within your organization's Information Security (InfoSec) team.
Checklist
Only use this tool inside a VM, never in your real environment. While the files are ultimately harmless, they mimic the behavior of many types of malware and can trigger false alarms for your security team(s).
Alert your Security team before starting!
Configure the Toolkit
The toolkit comes with three modes to choose from: Full, Advanced Dropper, and Ransomware. Each mode has its own set of configuration options.
The Full mode performs an extensive test of the system using a large number of operations. By default the full suite of tests is active, and each individual test can be configured in the message template.
Running the test
Start your campaign, then download the toolkit to your VM, either from your Lucy server or from the campaign email attachment.
A test like this is likely to raise a lot of red flags for your InfoSec team. While this is a good sign that your policies are working to protect you, it's best to give them a heads up before executing this test and setting off alarms.
AV problems and security warnings
Some antivirus solutions, especially behavior-based ones, may flag the tool as a virus or a suspicious file. This indicates that your antivirus recognizes some of the techniques the tool uses, which are commonly associated with malware, and can identify malicious code without relying solely on signatures. Since the toolkit deliberately mimics malware activity, these alerts are not incorrect; they are part of the test result and worth recording. You can leave them in place or, if an alert prevents you from completing the assessment, disable the antivirus inside the VM for the duration of the test, keeping in mind that whatever you disable is no longer being measured.
You may also encounter security warnings when opening or executing the file. If you open it from the email attachment or a download, a warning window will tell you that executables can be dangerous and may harm your computer. This warning appears because the executable is not code-signed, so the operating system cannot show a verified publisher. We cannot code-sign the executable because parts of it are dynamically generated; it is nevertheless safe to execute in your test VM.
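The checks below are an added example, not part of the Lucy documentation or of the toolkit itself. They assume a Windows test VM running Microsoft Defender and a toolkit file saved at the assumed path in $Toolkit. They record the file's hash and signature status before the run (so the security team can match alerts to this file), show the Mark of the Web that drives the download warning, scope a Defender exclusion to the toolkit's folder instead of switching the antivirus off, and afterwards pull the detections Defender logged during the test.

```powershell
# Added example; not the toolkit's own code. Path below is an assumption: adjust it
# to wherever the campaign attachment or download was saved inside the VM.
$Toolkit = 'C:\Users\tester\Downloads\malware-toolkit.exe'
$start   = Get-Date

# 1. Record what is about to run. Hand SHA256 + host name to the security team so they
#    can tie the alerts they will see to this file and this VM.
$hash = Get-FileHash -Path $Toolkit -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -FilePath $Toolkit
[pscustomobject]@{
    File      = $Toolkit
    SHA256    = $hash.Hash
    Signature = $sig.Status            # NotSigned is expected; see the note above
    Publisher = $sig.SignerCertificate.Subject
    Host      = $env:COMPUTERNAME
    Started   = $start
} | Format-List

# 2. The "this file came from the internet" prompt is driven by the Mark of the Web,
#    stored in the Zone.Identifier alternate data stream on NTFS. Show it if present.
$zone = Get-Content -Path $Toolkit -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) { "Mark of the Web:`n$zone" } else { 'No Zone.Identifier stream on this file.' }

# 3. If Defender quarantines the file before it can run, exclude only the toolkit's
#    folder (VM only). Real-time protection stays on, so what the toolkit does
#    elsewhere in the VM is still detected and still counts as a test result.
Add-MpPreference -ExclusionPath (Split-Path -Parent $Toolkit)

# ... run the toolkit in the VM here ...

# 4. Afterwards, collect what Defender reported since the test started, then
#    remove the exclusion again.
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $start } |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, Resources |
    Format-Table -AutoSize
Remove-MpPreference -ExclusionPath (Split-Path -Parent $Toolkit)
```

Run it from an elevated PowerShell session: Add-MpPreference, Remove-MpPreference and Get-MpThreatDetection need administrator rights. The detection list from step 4 is the evidence the test produces; keep it alongside the hash from step 1 when you report back to your InfoSec team.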