mandiant / flare-vm

A collection of software installation scripts for Windows systems that lets you easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0

Update installer #423

Closed MalwareMechanic closed 1 year ago

MalwareMechanic commented 1 year ago

Initial PR to enable review and feedback 🥳

Additional work to do:

Screenshot of GUI installer on my Win10 1809 VM with a resolution of 5120x2754 and 200% scaling:

[Screenshot: Screen Shot 2022-11-21 at 09 32 24]

Can run GUI from CLI via (assuming all conditions are met):

.\install.ps1 -password password -noWait -noChecks -noGui

mr-tz commented 1 year ago

Should the GUI have an option to remove all and add all? It can be cumbersome to click each single item.

mr-tz commented 1 year ago

common.vm is always installed. Remove it from the selection process?

mr-tz commented 1 year ago

Is it worth integrating #419 and #416 here?

PacifikPlant commented 1 year ago
  • [ ] Test additional OS versions (currently only tested Win10 1809)

Hi @MalwareMechanic! Thanks for the initiative 🥇 I'm rebuilding my lab, running few Win10 22H2 now. I will let you know how the setup is rolling.

MalwareMechanic commented 1 year ago
  • [ ] Test additional OS versions (currently only tested Win10 1809)

Hi @MalwareMechanic! Thanks for the initiative 🥇 I'm rebuilding my lab, running few Win10 22H2 now. I will let you know how the setup is rolling.

Hey @PacifikPlant,

This is a draft so some things may fail. BUT I love the enthusiasm 💪 and look forward to hearing how it goes! I just pushed "flarevm.installer.vm" to our package repository (was missing earlier). We'll have a new release out soon!

PacifikPlant commented 1 year ago

First attempt failed with error:

Cannot find path 'C:\ProgramData\_VM\config.xml' because it does not exist.
2022/11/21 10:43:36 [flarevm.installer.vm] vm.common.psm1 [+] ERROR : [ERR] Cannot bind argument to parameter 'Path' because it is null.
At C:\ProgramData\chocolatey\lib\flarevm.installer.vm\tools\chocolateyinstall.ps1:21 char:36
+     $configXml = [xml](Get-Content $configPath)
+                                    ~~~~~~~~~~~
ERROR: Cannot bind argument to parameter 'Path' because it is null.
The install of flarevm.installer.vm was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\flarevm.installer.vm\tools\chocolateyinstall.ps1'.
 See log for details.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - flarevm.installer.vm (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\flarevm.installer.vm\tools\chocolateyinstall.ps1'.
 See log for details.

Same here, starting to work again from the second.
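The failure above comes from `Get-Content` being handed a null path because `C:\ProgramData\_VM\config.xml` did not exist on the first run. As an added illustration (not flare-vm's own code), the following hypothetical `Get-InstallerConfig` function shows how an installer can validate the config path and the XML before the `[xml]` cast, so a missing or malformed file produces a message that names the problem instead of a null-binding error deep inside `Get-Content`. The sample config written to a temp file is constructed for the demonstration.

```powershell
# Added example, not flare-vm project code: load an installer config XML defensively.
# Assumption: the caller passes the config path as a string (may be null/empty on a bad run).
function Get-InstallerConfig {
    param(
        [Parameter(Mandatory = $true)]
        [AllowNull()]
        [AllowEmptyString()]
        [string]$ConfigPath
    )

    # Reject a missing input up front instead of letting Get-Content raise
    # "Cannot bind argument to parameter 'Path' because it is null".
    if ([string]::IsNullOrWhiteSpace($ConfigPath)) {
        throw "Config path was not provided (null or empty)."
    }
    if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
        throw "Config file not found: $ConfigPath"
    }

    try {
        # -Raw returns a single string; the [xml] cast parses it and fails on malformed XML.
        [xml]$config = Get-Content -LiteralPath $ConfigPath -Raw -ErrorAction Stop
    } catch {
        throw "Config file at $ConfigPath is not valid XML: $($_.Exception.Message)"
    }
    return $config
}

# Constructed sample config written to a temp file for the demonstration.
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-config.xml'
@'
<?xml version="1.0"?>
<config>
  <packages>
    <package name="common.vm" />
    <package name="sysinternals.vm" />
  </packages>
</config>
'@ | Set-Content -LiteralPath $tmp -Encoding UTF8

# Happy path: list the package names from the parsed config.
$cfg = Get-InstallerConfig -ConfigPath $tmp
$cfg.config.packages.package | ForEach-Object { $_.name }

# Failure path: a null path yields a clear, actionable message.
try { Get-InstallerConfig -ConfigPath $null } catch { Write-Warning $_.Exception.Message }

Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
```

Using `-LiteralPath` rather than `-Path` also avoids wildcard interpretation if a config path ever contains `[` or `]`, and checking `-PathType Leaf` rules out a directory of the same name.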

MalwareMechanic commented 1 year ago

Just noting this down here: ADExplorer also got installed for me by default?!

Seems to be due to sysinternals package: https://github.com/mandiant/VM-Packages/blob/972ff82f8d620a65ea87b86ee8a718f0e8df1904/packages/sysinternals.vm/tools/chocolateyinstall.ps1#L55

mr-tz commented 1 year ago

Ah good find. That's it, quite hidden :\

aelfeky commented 1 year ago

How do you guys use Yara rule to identify the malware family

mr-tz commented 1 year ago

Hi @aelfeky, this seems unrelated to this discussion, but I suggest checking out https://virustotal.github.io/yara/ and https://groups.google.com/g/yara-project.

MalwareMechanic commented 1 year ago

Submitted https://github.com/mandiant/VM-Packages/pull/121 to fix duplicate failed packages logging

mr-tz commented 1 year ago

Most recent log, looking pretty good already. (attachment: log.txt)

Of note:

2022/11/29 12:02:12 [notepadplusplus.vm] chocolateyinstall.ps1 [+] WARN : Can't find config.xml to modify

MalwareMechanic commented 1 year ago

@mr-tz when you say:

the installed packages ($installedPackages = chocolatey list --local-only) are incomplete

Do you mean the below towards the top?

VM Installed Packages
-----
Chocolatey v1.2.0
2 validations performed. 1 success(es), 1 warning(s), and 0 error(s).

Validation Warnings:
 - A pending system reboot request has been detected, however, this is
   being ignored due to the current command being used 'list'.
   It is recommended that you reboot at your earliest convenience.

Boxstarter 3.0.0
Boxstarter.Bootstrapper 3.0.0
Boxstarter.Chocolatey 3.0.0
Boxstarter.Common 3.0.0
Boxstarter.HyperV 3.0.0
Boxstarter.WinConfig 3.0.0
chocolatey 1.2.0
common.vm 0.0.0.20221128
8 packages installed.

The host info is grabbed before installation rather than afterwards, so the list there wouldn't reflect installed packages after installation. We could also add a post-install list of packages as well.

See: https://github.com/mandiant/VM-Packages/pull/141
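The comment above explains why the "VM Installed Packages" block only shows Boxstarter, Chocolatey and common.vm: the package list is captured before the install runs. As an added example (not flare-vm's or VM-Packages' code), the functions below snapshot the locally installed Chocolatey packages before and after an install run and report what was added, removed or upgraded. It assumes Chocolatey 1.x as in the log, where `choco list --local-only -r` prints one `name|version` line per package; the before/after hashtables at the end are constructed from the package list in the comment above so the comparison can be exercised offline.

```powershell
# Added example, not flare-vm project code: snapshot installed Chocolatey packages
# before and after an install and diff the two lists.
# Assumption: Chocolatey 1.x; `-r` (limit output) prints "name|version" without banner text.
function Get-ChocoInstalled {
    $lines = & choco list --local-only -r 2>$null
    $result = @{}
    foreach ($line in $lines) {
        $parts = $line -split '\|', 2
        if ($parts.Count -eq 2) { $result[$parts[0]] = $parts[1] }
    }
    return $result
}

function Compare-ChocoSnapshot {
    param(
        [Parameter(Mandatory = $true)][hashtable]$Before,
        [Parameter(Mandatory = $true)][hashtable]$After
    )
    $added    = @($After.Keys  | Where-Object { -not $Before.ContainsKey($_) } | Sort-Object)
    $removed  = @($Before.Keys | Where-Object { -not $After.ContainsKey($_) }  | Sort-Object)
    $upgraded = @($After.Keys  | Where-Object { $Before.ContainsKey($_) -and $Before[$_] -ne $After[$_] } | Sort-Object)
    [pscustomobject]@{ Added = $added; Removed = $removed; Upgraded = $upgraded }
}

# Real usage: capture both snapshots around the installer run.
#   $before = Get-ChocoInstalled
#   .\install.ps1 -password password -noWait -noChecks -noGui
#   $after  = Get-ChocoInstalled
#   Compare-ChocoSnapshot -Before $before -After $after

# Constructed snapshots (based on the package list quoted in the comment above)
# so the comparison can be run without Chocolatey present.
$before = @{
    'Boxstarter' = '3.0.0'; 'Boxstarter.Bootstrapper' = '3.0.0'; 'Boxstarter.Chocolatey' = '3.0.0'
    'Boxstarter.Common' = '3.0.0'; 'Boxstarter.HyperV' = '3.0.0'; 'Boxstarter.WinConfig' = '3.0.0'
    'chocolatey' = '1.2.0'; 'common.vm' = '0.0.0.20221128'
}
$after = $before.Clone()
$after['common.vm']        = '0.0.0.20221129'   # constructed: pretend common.vm was upgraded
$after['sysinternals.vm']  = '0.0.0.20221128'   # constructed: pretend one package was added

$diff = Compare-ChocoSnapshot -Before $before -After $after
"Added:    $($diff.Added -join ', ')"
"Removed:  $($diff.Removed -join ', ')"
"Upgraded: $($diff.Upgraded -join ', ')"
```

Writing the post-install snapshot to the log alongside the pre-install one gives a reviewer a single place to confirm that every package the config asked for actually ended up installed, which the "Failures" section of the Chocolatey output alone does not show.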

MalwareMechanic commented 1 year ago

@mr-tz

libraries.python3.vm appears to be noisy in log or is there a bug, e.g., are other logs missing?

Ah I see, I switched from Write-Host to VM-Write-Log. I'll switch it back. Good find, it's noisy

See https://github.com/mandiant/VM-Packages/pull/140

mr-tz commented 1 year ago

The host info is grabbed before installation rather than afterwards, so the list there wouldn't reflect installed packages after installation. We could also add a post-install list of packages as well.

Ah yeah, that confused me. I saw the timestamp, but providing what's there after would make more sense I think.

mr-tz commented 1 year ago

Log of another install. No issues! (attachment: log.txt)