Cuckoo is a well-known automated malware analysis sandbox with which you can build your own poor man's malware analysis lab. So let's see how we reach that goal; stay with me.
Installation & First Run
As the focus here is not installation, I won't make you suffer through a huge installation article. If you want to install it yourself, you are good to go with the default installation instructions, and if you feel lost, ping me and I'll help you set it up as much as I can. So I assume you have already installed Cuckoo. Let's first run the Cuckoo sandbox and VirtualBox as well, so that Cuckoo can find our Windows XP guest.
[Screenshot: cuckoo.py]
Now that Cuckoo is running and has loaded our XP guest, let's submit a file to analyze. I'm going to use the DarkComet malware sample, so let's do it.
[Screenshot: cuckoo malware submit]
And here is the Cuckoo log showing the malware analysis completing.
[Screenshot: analysis completed]
Now it's time to go through all the reports, check the hash sums and so on. Yes, you get all of it.
[Screenshot: cuckoo malware analyzed file]
If we look at report.json we'll find many useful things, for example the API calls I got below.
[Screenshot: API calls]
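Reading report.json by hand gets tedious quickly, so here is a small triage script, added to this post and not part of Cuckoo itself, that pulls out the file hashes, the matched signatures and a per-API call count from the report. The key layout (target.file, signatures, behavior.processes[].calls[]) is assumed to follow the Cuckoo 2.x report format, and the embedded report is a constructed miniature for demonstration.

```python
import json
from collections import Counter

# Constructed miniature of a Cuckoo 2.x report.json (assumption: the real
# report uses these keys; only the fields the summary reads are present).
SAMPLE_REPORT = json.dumps({
    "info": {"id": 1, "score": 7.2},
    "target": {"file": {"name": "sample.exe",
                        "md5": "0123456789abcdef0123456789abcdef",      # constructed
                        "sha256": "00" * 32}},                          # constructed
    "signatures": [{"name": "persistence_autorun", "severity": 3,
                    "description": "Installs itself for autorun at startup"}],
    "behavior": {"processes": [
        {"pid": 1234, "process_name": "sample.exe", "calls": [
            {"api": "CreateFileW", "category": "filesystem",
             "arguments": {"filepath": "C:\\Documents and Settings\\user\\Desktop\\a1b2c3.tmp"}},
            {"api": "RegSetValueExW", "category": "registry",
             "arguments": {"regkey": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}},
            {"api": "RegSetValueExW", "category": "registry",
             "arguments": {"regkey": "HKCU\\Software\\Example\\Setting"}},
            {"api": "connect", "category": "network",
             "arguments": {"ip": "10.0.0.5", "port": 1604}},
        ]}]}})

def summarize(report_text):
    """Return the triage facts worth reading first from a Cuckoo report."""
    r = json.loads(report_text)
    summary = {
        "hashes": {k: r["target"]["file"].get(k) for k in ("md5", "sha256")},
        "score": r.get("info", {}).get("score"),
        "signatures": [(s["name"], s.get("severity", 0)) for s in r.get("signatures", [])],
        "api_counts": Counter(),       # how often each API was called
        "categories": Counter(),       # filesystem / registry / network ...
        "run_keys": [],                # registry writes under a Run key (persistence)
    }
    for proc in r.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            summary["api_counts"][call["api"]] += 1
            summary["categories"][call.get("category", "unknown")] += 1
            key = call.get("arguments", {}).get("regkey", "")
            if "\\CurrentVersion\\Run" in key:
                summary["run_keys"].append(key)
    return summary

def summarize_file(path):
    """Same summary for a report.json on disk, e.g. storage/analyses/1/reports/report.json."""
    with open(path, encoding="utf-8") as fh:
        return summarize(fh.read())

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print("hashes:", s["hashes"], "score:", s["score"])
    print("signatures:", s["signatures"])
    print("top APIs:", s["api_counts"].most_common(5), "run keys:", s["run_keys"])
```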
And much more can be seen in the report file. This is just the beginning; please watch the video below for a detailed tutorial.
What are those randomly named files appearing on Desktop during execution? Any clues on that?
Amazing piece of content, thank you for sharing these ideas.