Spin up a Docker container (docker run) from the remnux/mastiff image, mapping the host's /tmp (or wherever your suspicious file resides) to /tmp inside the container (-v /tmp:/tmp), drop directly into a terminal (-it, bash), and delete the container after use (--rm). To be clear, when mapping host directories into Docker containers, the format is /host:/container:

docker run --rm -it -v /tmp:/tmp remnux/mastiff bash

Run MASTIFF against the suspicious file (in this case teflondoor.exe from the “EQUATIONGROUP” sample):

./ /tmp/TOOLS/teflondoor.exe

Change directory to ~/workdir/xxxhashxxx to view the output files of mastiff:

The “peinfo-quick.txt”:

Extra: VirusTotal results for “57d8f4d4e74d5ea21e8e257d810f7177”:
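
The run above maps only /tmp, so anything written to ~/workdir is lost when --rm deletes the container. As an added example (not from the original page), this POSIX shell helper mounts the sample directory read-only, mounts a host directory over the container's work directory, and derives the per-sample output path. It assumes the xxxhashxxx directory name is the sample's MD5 and that ~/workdir inside the image is /home/nonroot/workdir; the function names and the /samples mount point are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: ~/workdir inside the image resolves to this path (override if not).
CONTAINER_WORKDIR="${CONTAINER_WORKDIR:-/home/nonroot/workdir}"

# MD5 of a sample (assumed to be the hash used for the output directory name).
sample_md5() {
    md5sum "$1" | cut -d' ' -f1
}

# Host directory where results for SAMPLE land once HOST_WORKDIR is mounted.
mastiff_outdir() {  # usage: mastiff_outdir SAMPLE HOST_WORKDIR
    printf '%s/%s\n' "${2%/}" "$(sample_md5 "$1")"
}

# Two -v specifications in /host:/container form, one per line:
# the sample directory read-only, the results directory writable.
mount_specs() {  # usage: mount_specs SAMPLE HOST_WORKDIR
    sample_dir=$(cd "$(dirname "$1")" && pwd) || return 1
    work_dir=$(cd "$2" && pwd) || return 1   # absolute path, so Docker bind-mounts it
    printf '%s:/samples:ro\n%s:%s\n' "$sample_dir" "$work_dir" "$CONTAINER_WORKDIR"
}

# Start the container with both mounts; the sample is then at /samples/<name>.
run_mastiff() {  # usage: run_mastiff SAMPLE HOST_WORKDIR
    mkdir -p "$2" || return 1
    specs=$(mount_specs "$1" "$2") || return 1
    ro=$(printf '%s\n' "$specs" | sed -n 1p)
    rw=$(printf '%s\n' "$specs" | sed -n 2p)
    docker run --rm -it -v "$ro" -v "$rw" remnux/mastiff bash
    echo "Results, if produced: $(mastiff_outdir "$1" "$2")"
}

# Only runs when called as: script SAMPLE HOST_WORKDIR
if [ "$#" -eq 2 ]; then
    run_mastiff "$1" "$2"
fi
```

The host work directory must be writable by the user the container runs as, otherwise the analysis output cannot be saved.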
