Malware Analysis using Cuckoo! (Intro)

In this article we introduce Cuckoo Sandbox, one of the best automated malware analysis tools, and cover the why, the what and the how of using it.

What is Cuckoo?

Cuckoo Sandbox is, at its core, a malware analysis system. Built by a team of volunteers during the Google Summer of Code project back in 2010, it is an open source platform that automates the analysis of malicious files for Windows, Linux, OS X and Android, and gives detailed and meaningful feedback on how each submitted file behaves when run in an isolated environment.

Because it is open source software, contributors are continuously writing extensions that provide enhanced functionality. Malware detection and protection companies, as well as intelligence agencies, use Cuckoo to ease the strain of manually investigating piles of potentially malicious data. Its modular design makes it easily customizable in both the processing and the reporting stages. Understandably, it has become one of the most commonly used open source tools in recent years.

In 2012 the Cuckoo team released Malwr, their sandbox-as-a-service, which lets users work with the data Cuckoo collects through an easy-to-use interface. Its aim was to serve as an alternative for users who do not have the ability to run Cuckoo themselves but still want to leverage its intelligence.

Cuckoo can also be seen as the open source counterpart of FireEye's commercial MVX engine.

Here is a summary of how to set up Cuckoo, as well as a list of commonly encountered installation problems and their solutions:

Summarized steps to setup Cuckoo:

1. Enable WSL via PowerShell

use command: > Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

2. Install Ubuntu from the Microsoft Store

Then switch Windows to developer mode.

3. Run bash from the Windows command prompt and install:

sudo apt-get install lamp-server^

sudo apt-get install mongodb

sudo apt-get install mysql-python

4. Start the services (note the argument order: service name first, then the action):

sudo service apache2 start

sudo service mysql start

sudo service mongodb start

5. Install Cuckoo

use command: > pip install cuckoo

Note: you need Python 2.7.

6. Update the .conf files found in the .cuckoo directory

- cuckoo.conf: update the MySQL username and password
- auxiliary.conf: update the tcpdump path
- virtualbox.conf: update the vboxmanage.exe path, interface name, IP address, machine label and snapshot

7. Update the VirtualBox settings

- create host-only and NAT adapters
- disable the firewall in the guest
- set a static IP

8. Run Cuckoo

use commands: > cuckoo
               > cuckoo web
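As an added worked example (not taken from the original post), here is what the three configuration files edited in step 6 could look like for a single Windows guest on a host-only network. The addresses, credentials, snapshot name, the VBoxManage.exe path under /mnt/c and the interface name vboxnet0 are assumptions for a WSL-based setup and must be adapted to your own environment.

```ini
# ~/.cuckoo/conf/cuckoo.conf  (constructed example)
[resultserver]
# address the analysis VM reports back to; it must be the host side of the
# host-only adapter created in step 7, never a LAN-facing interface
ip = 192.168.56.1
port = 2042

[database]
# MySQL account created for Cuckoo in step 3 (placeholder credentials)
connection = mysql://cuckoo:CHANGE_ME@localhost/cuckoo

# ~/.cuckoo/conf/auxiliary.conf  (constructed example)
[sniffer]
enabled = yes
# tcpdump path from step 6; capture only the sandbox network
tcpdump = /usr/sbin/tcpdump
interface = vboxnet0

# ~/.cuckoo/conf/virtualbox.conf  (constructed example)
[virtualbox]
mode = headless
# assumption: Cuckoo runs inside WSL and drives the Windows VirtualBox binary
path = /mnt/c/Program Files/Oracle/VirtualBox/VBoxManage.exe
interface = vboxnet0
machines = cuckoo1

[cuckoo1]
# label must match the VM name shown by VBoxManage list vms
label = cuckoo1
platform = windows
# static IP configured inside the guest in step 7
ip = 192.168.56.101
# clean snapshot Cuckoo restores before every analysis
snapshot = clean
resultserver_ip = 192.168.56.1
resultserver_port = 2042
```

A quick sanity check before the first run is to confirm that the guest at 192.168.56.101 can reach 192.168.56.1:2042 and nothing else on your network.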
TRADEMARK LEGAL NOTICE

All product names, logos, and brands are the property of their respective owners in Austria or other countries. All company, product and service names used on this website are for identification purposes only. Pheniix is not affiliated with or an official partner of Cisco, CompTIA, Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security, Google, GNS3, F5, Python, Linux, Java, OpenStack, Vagrant, Ansible, Docker, GIT, Blockchain or other companies. Use of these names, logos, and brands does not imply endorsement. The opinions expressed on Pheniix are personal perspectives and not those of Cisco, Dimension Data or any other company. Pheniix runs as an independent blog.