A powerful, Python-based malware analysis toolkit running on Google Colab. It leverages the VirusTotal API to analyze live malicious samples sourced from platforms like MalwareBazaar, providing deep insights into threat behavior and network infrastructure.
- 🔍 Hash-Based Detection: Safely analyze malware using SHA256 hashes without executing malicious files locally.
- 🧬 Behavior Classification: Automatically identifies common malware families (e.g., njRAT, Ransomware, Infostealers) using a custom threat dictionary.
- 🌐 Network Forensics: Extracts and maps Command & Control (C2) server IP addresses, including their geographical locations and ISPs.
- ☁️ Cloud Execution: Designed to run seamlessly in Google Colab for an isolated and safe analysis environment.
- A free VirusTotal API Key.
- A Google account to run Google Colab (or a local Python environment).
- Open the `.ipynb` file in Google Colab.
- Run the environment setup cell to install the required libraries (`vt-py`, `nest-asyncio`).
- When prompted, securely paste your VirusTotal API key (the key is hidden and never saved in the code).
- Enter the SHA-256 hash of the suspicious file you want to investigate.
- Review the generated threat intelligence report.
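A worked example of the hash validation and behavior-classification steps described above, added here and not part of the toolkit's own code: it checks that the input is a well-formed SHA-256 and maps a VirusTotal-style `last_analysis_results` mapping (engine name to verdict) to a family using a hypothetical threat dictionary. The sample verdicts and the dictionary are constructed, and the live `vt-py` lookup is left out so the example runs offline.

```python
import re
from collections import Counter

# Constructed sample shaped like VirusTotal's `last_analysis_results` for a
# file report: engine name -> {"category": ..., "result": ...}. Not a real sample.
SAMPLE_RESULTS = {
    "EngineA": {"category": "malicious", "result": "Backdoor.MSIL.Bladabindi"},
    "EngineB": {"category": "malicious", "result": "Trojan:Win32/njRAT"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "malicious", "result": "Win32.Generic"},
}

# Hypothetical threat dictionary: family label -> substrings that engines
# commonly use in their verdict strings for that family.
THREAT_DICTIONARY = {
    "njRAT": ["njrat", "bladabindi"],
    "Ransomware": ["ransom", "locky", "wannacry"],
    "Infostealer": ["stealer", "redline", "raccoon"],
}

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def is_sha256(value: str) -> bool:
    """Accept only a 64-character hex string so a bad paste never reaches the API."""
    return bool(SHA256_RE.match(value.strip()))


def classify(results: dict, dictionary: dict) -> dict:
    """Count malicious engine verdicts and vote on a family using the dictionary."""
    family_hits = Counter()
    malicious = 0
    for verdict in results.values():
        if verdict.get("category") != "malicious":
            continue
        malicious += 1
        label = (verdict.get("result") or "").lower()
        for family, needles in dictionary.items():
            if any(needle in label for needle in needles):
                family_hits[family] += 1
    # Most-voted family wins; a generic-only detection set stays "Unclassified".
    family = family_hits.most_common(1)[0][0] if family_hits else "Unclassified"
    return {"malicious_engines": malicious, "family": family,
            "family_hits": dict(family_hits)}
```

In the notebook the `results` argument would come from the `last_analysis_results` attribute of the file object returned by `vt-py` for the validated hash.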