As others have said, usually, C, C++, assembly, but, in general, it depends on the malware. If a malware is written in a language X and it's interpreted, then you need to know X. If it's compiled to some kind of machine language Y, then you need to know Y.
For general reverse engineering, I can recommend 2 advanced books:
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
These books will either fascinate or scare you away.