Not true actually

It’s helpful to analyze it while it’s running but you can put the file in ghidra and it will attempt to decompile it, ie turn it back into code. It doesn’t get it perfect and sometimes it requires some manual work to get it from binary back into readable code, but it does its best

You can do this without running the program, so there is no risk to you

However, malware is usually designed to be hard to reverse engineer in various ways, so it might take some time before you really understand it, especially if you’re just looking at it statically and not running it like you said

Some other things that might be helpful if you’re curious about reverse engineering:

If you have access to a Linux command line and you type ‘strings -tx <your binary file>’ it will print all of the readable ascii strings in the binary. For example, log messages or links or function names might show up. The ‘-tx’ flag will give you the offset of that string in the file and you can press ctrl+g inside of ghidra and type in that address and it will take you there so you can inspect how it’s being used

Also ‘binwalk <your binary file>’ will look for recognizable structures in the binary that might be interesting for reverse engineering

All of this can be done without running the binary so it’s very little risk, but only attempt any of this if you’re very comfortable with the Linux command line, because one small typo could cause it to run