#OpNewblood Malware Automatic Analyzing: Cuckoo Sandbox

June 24th, 2017 by ro0ted

In this tutorial we go over Cuckoo Sandbox, an automated malware analysis system. You submit a suspicious file and, within minutes, Cuckoo returns a detailed report outlining what that file did when it was executed inside an isolated environment. Cuckoo can:

  • Analyze many different malicious files (executables, document exploits, Java applets) as well as malicious websites, in Windows, OS X, Linux, and Android virtualized environments.
  • Trace API calls and general behavior of the file.
  • Dump and analyze network traffic, even when encrypted.
  • Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.

The Cuckoo host can run on Windows, Mac OS X, or Linux.

I’m using the latest version of Debian in VirtualBox (vbox).

Open a terminal. The first dependency is tcpdump, which Cuckoo uses to capture the guest’s network traffic:

apt-get install tcpdump

Tcpdump requires root privileges to capture on an interface, but since you don’t want Cuckoo to run as root you’ll have to grant the binary the specific Linux capabilities it needs (run this as root):

setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

Verify the result with: getcap /usr/sbin/tcpdump

The output should list cap_net_admin and cap_net_raw with the e, i and p flags set (for example, cap_net_admin,cap_net_raw+eip). If getcap prints nothing, the capabilities were not applied and Cuckoo’s network capture will fail for an unprivileged user.

Next we need git so we can clone the Cuckoo repository. The clone is only needed if you want to install from source or read the code; the pip step further down installs the packaged release from PyPI.

apt-get install git

git clone https://github.com/cuckoosandbox/cuckoo.git

Now we need the required Python libraries. Cuckoo 2.x is Python 2 only, so these are the python2 packages:

apt-get install python python-pip python-dev libffi-dev libssl-dev

apt-get install python-virtualenv python-setuptools

apt-get install libjpeg-dev zlib1g-dev swig

In order to use the Django-based web interface, MongoDB is required:

apt-get install mongodb


In order to use PostgreSQL as the database (the recommended backend), PostgreSQL and its client headers will have to be installed as well:

apt-get install postgresql libpq-dev

If you want to use XenServer as the virtualization backend, you’ll have to install the XenAPI Python package:

pip install XenAPI

To install Cuckoo, first upgrade pip and setuptools, then install the Cuckoo package from PyPI:

pip install -U pip setuptools

pip install -U cuckoo

Do this as the unprivileged user that will run Cuckoo, ideally inside a virtualenv (the python-virtualenv package installed above); the setcap step exists precisely so that Cuckoo itself never has to run as root.

To start Cuckoo in debug mode, which prints the log to the terminal, type:

cuckoo -d

The first run sets up the Cuckoo working directory (~/.cuckoo by default) with the configuration files; analyses can only start once a guest VM has been configured there.
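The steps above collected into one script, as an added example that is not from this tutorial or from the Cuckoo project. It keeps the root-only work (packages, setcap) separate from the work done as the unprivileged account that will run Cuckoo, and it checks the getcap output instead of trusting that setcap worked. Assumptions: Debian with apt-get, tcpdump at /usr/sbin/tcpdump, a hypothetical unprivileged account named "cuckoo" (created if missing), and Cuckoo 2.x on Python 2.7. Nothing runs unless CUCKOO_SETUP=1 is set, so the file can also be sourced just for the check functions.

```shell
#!/bin/sh
# Added example: Cuckoo host setup with a capability check.
# Assumed paths and account names are placeholders, not from the tutorial.
TCPDUMP=${TCPDUMP:-/usr/sbin/tcpdump}
CUCKOO_USER=${CUCKOO_USER:-cuckoo}   # hypothetical unprivileged account

# Root step 1: the packages from the tutorial, including PostgreSQL and MongoDB.
install_packages() {
    apt-get update
    apt-get install -y tcpdump git \
        python python-pip python-dev libffi-dev libssl-dev \
        python-virtualenv python-setuptools \
        libjpeg-dev zlib1g-dev swig \
        mongodb postgresql libpq-dev
}

# Root step 2: give tcpdump the two capabilities it needs so Cuckoo never runs as root.
set_tcpdump_caps() {
    setcap cap_net_raw,cap_net_admin=eip "$TCPDUMP"
}

# Return 0 if one line of getcap output grants BOTH cap_net_raw and cap_net_admin
# with the effective, inheritable and permitted flags. Handles both output styles:
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip     (libcap 2.41 and later)
caps_ok() {
    have_raw=0
    have_admin=0
    for clause in $1; do
        case "$clause" in
            *cap_*[=+]*) ;;   # a capability clause, e.g. cap_net_admin,cap_net_raw+eip
            *) continue ;;    # the path, the "=" separator, anything else
        esac
        names=${clause%%[=+]*}      # capability names before the operator
        flags=${clause#"$names"}    # "+eip" or "=eip"
        flags=${flags#?}            # drop the operator, leaving "eip"
        case "$flags" in *e*) ;; *) continue ;; esac
        case "$flags" in *i*) ;; *) continue ;; esac
        case "$flags" in *p*) ;; *) continue ;; esac
        case ",$names," in *,cap_net_raw,*) have_raw=1 ;; esac
        case ",$names," in *,cap_net_admin,*) have_admin=1 ;; esac
    done
    [ "$have_raw" -eq 1 ] && [ "$have_admin" -eq 1 ]
}

# Check the installed binary; print the fix when the capabilities are missing.
check_tcpdump_caps() {
    out=$(getcap "$TCPDUMP" 2>/dev/null) || out=""
    if caps_ok "$out"; then
        echo "ok: $out"
    else
        echo "missing capabilities on $TCPDUMP: '$out'" >&2
        echo "fix (as root): setcap cap_net_raw,cap_net_admin=eip $TCPDUMP" >&2
        return 1
    fi
}

# Unprivileged step: install Cuckoo into a virtualenv owned by $CUCKOO_USER,
# then run the CLI once as a smoke test. pip is never run as root.
install_cuckoo() {
    su - "$CUCKOO_USER" -c '
        virtualenv -p python2.7 "$HOME/venv" &&
        "$HOME/venv/bin/pip" install -U pip setuptools &&
        "$HOME/venv/bin/pip" install -U cuckoo &&
        "$HOME/venv/bin/cuckoo" --help >/dev/null'
}

if [ "${CUCKOO_SETUP:-0}" = 1 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run the setup as root" >&2; exit 1; }
    id "$CUCKOO_USER" >/dev/null 2>&1 || adduser --disabled-password --gecos "" "$CUCKOO_USER"
    install_packages
    set_tcpdump_caps
    check_tcpdump_caps
    install_cuckoo
fi
```

Run it once as root with CUCKOO_SETUP=1 sh setup.sh; afterwards, everything Cuckoo does (including `cuckoo -d`) happens as the cuckoo account, with tcpdump the only piece that carries extra privilege, and only the two capabilities it needs rather than full root.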

There are many more modules; in the next tutorial we will use Cuckoo together with Volatility.

