Technical Malware Test

Overview

The Malware Simulation Toolkit is a powerful tool designed to mimic various types of malware behavior on your computer. However, using this tool without appropriate precautions can raise concerns within your organization's Information Security (InfoSec) team.

Checklist

Configure the Toolkit

The Malware Testing Toolkit comes with three different modes to choose from: Full, Advanced Dropper, and Ransomware. Each mode has its own set of configuration options:

The full toolkit performs an extensive test of the system using a large number of operations. By default, the full suite of tests is active, and each test can be configured in the message template.


Running the test

Start your campaign, then download the toolkit to your VM either from your Lucy server or from the campaign email attachment.

AV problems and security warnings

Some antivirus solutions may flag the tool as a virus or suspicious file, especially behavior-based antivirus programs. This indicates that your antivirus can detect certain methods used by the tool that are commonly associated with malware. It is a positive sign that your antivirus can identify malicious code without relying solely on signatures. Since the toolkit mimics malware activities, these alerts are not inherently incorrect. You can either ignore them or, if necessary, disable your antivirus if it prevents you from completing the malware assessment test.

You may encounter multiple security warnings when opening or executing the file. If you open the file as an email attachment or download it, a warning window will inform you that executables can be dangerous and may harm your computer. This warning occurs because the executable is not code-signed. We cannot code-sign the executable because parts of it are dynamically generated at runtime; however, it is safe to execute.
