Friday, November 11, 2016

Cuckoo Sandbox Automated Malware Analysis

Cuckoo is a very well-known automated malware analysis sandbox with which you can build your own poor man's malware analysis lab. So let's see how we achieve that goal; stay with me.

Installation & First Run


As the focus here is not installation, I won't make you suffer through a huge installation article. If you want to install it, you are good to go with the default installation URL, and if you feel lost, ping me and I'll help you set it up as much as I can. So I assume you have already installed Cuckoo. Let's first start the Cuckoo sandbox and VirtualBox as well, so that Cuckoo can find our Windows XP guest.

Screenshot: cuckoo.py running


Now that Cuckoo is running and has loaded our XP guest, let's submit a file to analyze. I'm going to use a DarkComet malware sample, so let's do it.

Screenshot: cuckoo malware submit

And here is the Cuckoo log showing the malware analysis completing.

Screenshot: analysis completed

Now it's time to go through all the reports, check the hash sums and... yes, you get the idea.

Screenshot: cuckoo malware analyzed file

If we look at report.json we'll find many useful things, like the ones I got below.

Screenshot: API calls

Much more can be seen in the report file; this is just the beginning. Please watch the video below for a detailed tutorial.
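To show what "check the hash sums" and "look at report.json" amount to in practice, here is an added example script (not part of this post and not Cuckoo's own code) that reads a report.json, recomputes the submitted sample's MD5/SHA-256 and compares them with what the report claims, counts the API calls per process, and lists the files the sample touched, including anything written under the guest user's Desktop. The report embedded below is constructed, not a real analysis, and its key names (target.file.*, behavior.processes[].calls[], behavior.summary.files, signatures[]) are an assumption based on the layout Cuckoo 1.x wrote; compare them against the report.json your own Cuckoo version produces. The argument lookup handles both the list form of call arguments (Cuckoo 1.x) and the dict form (2.x).

```python
"""Pull the essentials out of a Cuckoo report.json: sample hashes, API-call
statistics and files the sample touched. Added example, not Cuckoo's code."""
import hashlib
import json
from collections import Counter

# --- constructed input: not a real report and not real malware -----------------
SAMPLE_BYTES = b"MZ constructed placeholder bytes, not an executable\n"
DESKTOP = "C:\\Documents and Settings\\Admin\\Desktop\\"

# Reduced report in the layout Cuckoo 1.x wrote. Key names are assumptions;
# check them against the report.json your own Cuckoo version writes.
REPORT_JSON = json.dumps({
    "info": {"id": 1, "score": 6.2},
    "target": {"category": "file", "file": {
        "name": "sample.exe", "size": len(SAMPLE_BYTES),
        "md5": hashlib.md5(SAMPLE_BYTES).hexdigest(),
        "sha256": hashlib.sha256(SAMPLE_BYTES).hexdigest()}},
    "signatures": [{"name": "persistence_autorun", "severity": 3,
                    "description": "Installs itself for autorun at Windows startup"}],
    "behavior": {
        "summary": {
            "files": [DESKTOP + "ab12cd34.tmp", "C:\\WINDOWS\\system32\\msvcrt.dll"],
            "keys": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"],
            "mutexes": ["CONSTRUCTED_MUTEX"]},
        "processes": [{
            "process_name": "sample.exe", "process_id": 1234, "parent_id": 456,
            "calls": [
                {"api": "NtCreateFile", "category": "filesystem", "status": True,
                 "arguments": [{"name": "FileName", "value": DESKTOP + "ab12cd34.tmp"}]},
                {"api": "RegSetValueExA", "category": "registry", "status": True,
                 "arguments": [{"name": "ValueName", "value": "Updater"}]},
                {"api": "NtCreateFile", "category": "filesystem", "status": True,
                 "arguments": [{"name": "FileName", "value": "C:\\WINDOWS\\system32\\msvcrt.dll"}]},
                {"api": "CreateProcessInternalW", "category": "process", "status": True,
                 "arguments": {"CommandLine": "notepad.exe"}},  # 2.x-style dict form
            ]}]}})


def load_report(text):
    """Parse report.json text (Cuckoo writes plain UTF-8 JSON)."""
    return json.loads(text)


def verify_hashes(report, sample_bytes):
    """Recompute MD5/SHA-256 of the bytes you submitted and compare with target.file.*.
    A mismatch means the report describes a different file than the one you think."""
    f = report["target"]["file"]
    return {"md5": hashlib.md5(sample_bytes).hexdigest() == f.get("md5"),
            "sha256": hashlib.sha256(sample_bytes).hexdigest() == f.get("sha256")}


def iter_calls(report):
    """Yield (process_name, call) for every traced API call in every process."""
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            yield proc.get("process_name", "?"), call


def argument_value(call, name):
    """Return one named argument. Cuckoo 1.x stored arguments as a list of
    {"name": ..., "value": ...}; 2.x stores a dict. Handle both."""
    args = call.get("arguments", [])
    if isinstance(args, dict):
        return args.get(name)
    for arg in args:
        if arg.get("name") == name:
            return arg.get("value")
    return None


def api_call_counts(report):
    return Counter(call["api"] for _, call in iter_calls(report))


def category_counts(report):
    return Counter(call.get("category", "unknown") for _, call in iter_calls(report))


def files_touched(report):
    """Union of behavior.summary.files and every FileName argument in the trace."""
    paths = set(report.get("behavior", {}).get("summary", {}).get("files", []))
    for _, call in iter_calls(report):
        value = argument_value(call, "FileName")
        if value:
            paths.add(value)
    return sorted(paths)


def desktop_files(report, prefix=DESKTOP):
    """Files the sample created or opened under the guest user's Desktop."""
    return [p for p in files_touched(report) if p.lower().startswith(prefix.lower())]


def summarize(report, sample_bytes):
    return {"score": report.get("info", {}).get("score"),
            "hashes_match": all(verify_hashes(report, sample_bytes).values()),
            "signatures": [s["name"] for s in report.get("signatures", [])],
            "top_apis": api_call_counts(report).most_common(3),
            "desktop_files": desktop_files(report)}


if __name__ == "__main__":
    print(json.dumps(summarize(load_report(REPORT_JSON), SAMPLE_BYTES), indent=2))
```

To use it on a real analysis, replace REPORT_JSON with the contents of storage/analyses/<id>/reports/report.json (path as laid out by the Cuckoo version in use) and SAMPLE_BYTES with the bytes of the file you submitted; the hash check is the quick way to confirm the report belongs to that file before reading anything else in it.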

VIDEO:





2 comments:

  1. What are those randomly named files appearing on Desktop during execution? Any clues on that?
