The Cuckoo sandboxing malware analysis tool

Conclusions

Cuckoo is a very powerful tool for analyzing malware. Thanks to its modular implementation, the software can be extended very easily with your own modules and thus adapted to suit your needs. If you want to take a look at the software before installing it, pay a visit to the free malwr malware analysis service [9], which uses Cuckoo as its back end.

Infos

  1. IDA Pro: https://www.hex-rays.com/products/ida/
  2. FireEye: https://www.fireeye.com
  3. Cuckoo project site: https://cuckoosandbox.org
  4. Cuckoo wget module: https://github.com/aspel/cuckoo/commit/f4d7960ca28bd5b5e2ec356d18056cb07ac6a8f0
  5. Malware domain list: https://www.malwaredomainlist.com/mdl.php
  6. Installing a virtual machine using KVM/libvirt and virt-manager: http://www.virt-tools.org
  7. EICAR test file: http://www.eicar.org/86-0-Intended-use.html
  8. Cuckoo documentation: http://docs.cuckoosandbox.org/en/latest/
  9. Cuckoo online service: https://malwr.com
