Using an Apple Silicon laptop, dealing with malware analysis is always a challenge. While Windows ARM does a decent job emulating x86, there’s always the concern that the artifacts you observe may not behave the same way on a real x86 architecture. The only reliable solution is to use QEMU—despite being a fully emulated CPU, it performs exceptionally well. On top of that, you will also find an amazing community sharing their anti-detection patches.

As I rediscover QEMU, I’m convinced it’s one of the finest pieces of software ever developed. Every time I read its documentation, I uncover incredible new features. For example, lately, I learned about the “Virtual FAT Disk Image” option, which serves as an equivalent to the Shared Folder feature in VMware and VirtualBox.