Question 1

How do I set up HaboMalHunter on a new virtual machine?

Accepted Answer

Follow the README steps: install VirtualBox 5.1, set up an Ubuntu 14.04 LTS VM, run the update script (./util/update_image/update_image.sh), compile the source with package.sh, and copy files into the VM. It requires root permissions and specific BIOS settings for Intel-VT.

Question 2

HaboMalHunter vs Cuckoo Sandbox: which is better for Linux malware analysis?

Accepted Answer

HaboMalHunter is specialized for Linux ELF files with integrated static/dynamic analysis and detailed reports, while Cuckoo Sandbox is more versatile across platforms but may require more configuration. Choose Habo for focused ELF analysis or Cuckoo for broader malware types.

Question 3

Can HaboMalHunter analyze Windows executable files?

Accepted Answer

No, it is designed specifically for Linux ELF files on x86/x64 platforms, as stated in the features. For Windows PE files, you would need complementary tools like Cuckoo or other sandboxes.

Question 4

What happens if I try to analyze a .so library file?

Accepted Answer

For non-executable ELF files like .so, HaboMalHunter will generate a dynamic log with an error message indicating the file cannot be executed, as mentioned in the known issues section, limiting its dynamic analysis capabilities.

Question 5

How to add custom YARA rules to HaboMalHunter?

Accepted Answer

You can place custom YARA rules in the ./util/yara/malware/ directory, as referenced in the future work section. This allows for tailored detection signatures, though the setup requires manual file management within the VM.

Question 6

Is HaboMalHunter still actively maintained and updated?

Accepted Answer

Based on the README, which shows last major updates from 2017 and references outdated software, it appears minimally maintained. Check the GitHub repository for recent commits or consider forks for potential updates.

HaboMalHunter

What is HaboMalHunter?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions