
Explaining Cuckoo Sandbox and Preparing for Installation

by Unallocated Author

Cuckoo Sandbox is an open-source, automated malware analysis system used to find out what a suspicious file or URL actually does. You submit the sample, Cuckoo detonates it inside an isolated virtual machine, and it hands back a detailed report of the sample's behaviour, from which you can judge whether the file is safe to run.

In practice you reach that verdict by studying how the sample behaved when it was executed in the isolated guest environment Cuckoo provides. The official website also boasts of "infinite application opportunities".

Cuckoo's default features:

  • Analyze many different kinds of malicious files (executables, document exploits, Java applets) as well as malicious websites, in Windows, OS X, Linux and Android virtualized environments.
  • Trace API calls and the general behaviour of the file.
  • Dump and analyze network traffic, even when encrypted with SSL/TLS.
  • Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.

Cuckoo is not only feature-rich; being written in Python with a modular design, it also provides a flexible interface that lets you integrate the sandbox into your existing frameworks and tooling.

In order to install Cuckoo Sandbox successfully, you first need a couple of prerequisites on the host. After installing a hypervisor (VirtualBox is the recommended one), you can proceed to the prerequisites.

For Linux users, use the terminal (as always). The commands below target Debian/Ubuntu; run the apt-get and setcap steps as root or via sudo.

  • sudo apt-get install python python-pip python-dev libffi-dev libssl-dev
  • sudo apt-get install python-virtualenv python-setuptools
  • sudo apt-get install libjpeg-dev zlib1g-dev swig
  • sudo apt-get install mongodb (needed only for the Django-based web interface)
  • sudo apt-get install postgresql libpq-dev (needed only if you want PostgreSQL as the results database)
  • sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils python-libvirt (needed only if you use KVM/libvirt instead of VirtualBox)
  • sudo pip install XenAPI (needed only if you use XenServer)
  • sudo apt-get install tcpdump libcap2-bin (package names are lowercase; libcap2-bin provides setcap and getcap, so install it before the next step)
  • sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
  • getcap /usr/sbin/tcpdump (should print: /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip)
  • Install Volatility (needed only for the memory analysis feature)

Of course, the commands have meaning. Most of them pull in the Python toolchain and libraries Cuckoo is built on; the two that deserve attention are the setcap/getcap pair. Cuckoo should run as an unprivileged user, never as root, yet it needs to capture traffic on the analysis interface, so setcap grants the tcpdump binary the raw-socket and network-admin capabilities instead, and getcap confirms they stuck. Keep in mind that this grants those capabilities to every local user who can execute tcpdump, so do it on a dedicated analysis host rather than a shared machine. If you want more detail on what each command accomplishes, check out one of the detailed tutorials online.
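The list above as one runnable preparation script, added here as an example; it is not part of Cuckoo and not the article's original commands. It assumes a Debian/Ubuntu host with apt-get, that tcpdump lives at /usr/sbin/tcpdump as in the commands above, and that the KVM and XenServer extras are opted into through the WITH_KVM and WITH_XEN environment variables (names chosen for this script). Its tcpdump_caps_ok function checks a getcap output line for both capabilities with the e, i and p flags, accepting both the older "path = caps+eip" format and the newer "path caps=eip" format printed by recent libcap.

```shell
#!/bin/sh
# cuckoo-prep.sh: install the host-side prerequisites from the list above and
# verify the step that most often goes wrong (tcpdump capabilities).
# Added example for this article, not part of Cuckoo. Assumes Debian/Ubuntu.
set -eu

TCPDUMP=/usr/sbin/tcpdump   # path used in the article; compare with `command -v tcpdump`

# Host packages needed whichever hypervisor you use.
BASE_PKGS="python python-pip python-dev libffi-dev libssl-dev \
python-virtualenv python-setuptools libjpeg-dev zlib1g-dev swig \
mongodb postgresql libpq-dev tcpdump libcap2-bin"

# Extras, only for KVM/libvirt guests (WITH_KVM) or XenServer (WITH_XEN);
# both variable names are assumptions of this script.
KVM_PKGS="qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils python-libvirt"

# tcpdump_caps_ok LINE: exit 0 if a getcap output line grants both cap_net_raw
# and cap_net_admin in the effective, inheritable and permitted sets.
tcpdump_caps_ok() {
    line="$1"
    caps="${line#*" "}"        # drop the binary path
    caps="${caps#"= "}"        # drop the " = " separator of older libcap output
    if [ "${caps%+*}" != "$caps" ]; then        # "caps+eip" form
        names="${caps%+*}"; flags="${caps##*+}"
    elif [ "${caps%=*}" != "$caps" ]; then      # "caps=eip" form
        names="${caps%=*}"; flags="${caps##*=}"
    else
        return 1               # no capability set present at all
    fi
    case ",$names," in *,cap_net_raw,*)   ;; *) return 1 ;; esac
    case ",$names," in *,cap_net_admin,*) ;; *) return 1 ;; esac
    for f in e i p; do
        case "$flags" in *"$f"*) ;; *) return 1 ;; esac
    done
    return 0
}

install_prereqs() {
    [ "$(id -u)" -eq 0 ] || { echo "install must run as root (sudo)" >&2; return 1; }
    apt-get update
    # Word splitting of the package lists is intended.
    apt-get install -y $BASE_PKGS
    if [ "${WITH_KVM:-0}" = 1 ]; then apt-get install -y $KVM_PKGS; fi
    if [ "${WITH_XEN:-0}" = 1 ]; then pip install XenAPI; fi
    # Let an unprivileged cuckoo user sniff the analysis interface. This grants
    # the capability to anyone on the host who can execute tcpdump.
    setcap cap_net_raw,cap_net_admin=eip "$TCPDUMP"
    # On Ubuntu the AppArmor profile for tcpdump can block writing captures into
    # Cuckoo's storage directory; the Cuckoo docs disable it with aa-disable.
    if command -v aa-disable >/dev/null 2>&1; then
        aa-disable "$TCPDUMP" || echo "no AppArmor profile for tcpdump to disable" >&2
    fi
    echo "prerequisites installed; Volatility (memory analysis) is installed separately"
}

check_prereqs() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "warning: run Cuckoo itself as an unprivileged user, not root" >&2
    fi
    line="$(getcap "$TCPDUMP" 2>/dev/null || true)"
    if tcpdump_caps_ok "$line"; then
        echo "ok: $line"
    else
        echo "tcpdump lacks cap_net_raw,cap_net_admin+eip (got: '$line')" >&2
        echo "fix: sudo setcap cap_net_raw,cap_net_admin=eip $TCPDUMP" >&2
        return 1
    fi
}

case "${1:-}" in
    install) install_prereqs ;;
    check)   check_prereqs ;;
    *)       echo "usage: $0 install|check" >&2 ;;
esac
```

Run `sudo sh cuckoo-prep.sh install` once, then `sh cuckoo-prep.sh check` as the unprivileged user that will run Cuckoo. The check fails loudly when tcpdump lacks the capabilities, which otherwise only shows up later as Cuckoo being unable to capture traffic during an analysis.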

Furthermore, this is only the preparation for a Cuckoo Sandbox installation. The actual setup and first run (creating and snapshotting the guest VM, placing the Cuckoo agent inside it, and editing Cuckoo's configuration files) will require some further research. Although it is a process to get set up, the outcome is easily worth it.
