How To

Explaining Cuckoo Sandbox and Preparing for Installation

Cuckoo Sandbox is a malware analysis system used to identify malicious intent in submitted files. It executes the sample in an isolated environment and produces a detailed report of what the sample did, so you can decide whether the file is safe to run.

In practice you make that call by studying how the file behaved when triggered inside the isolated environment Cuckoo provides. The official website also boasts of “infinite application opportunities”.

Cuckoo’s default features:

  • Analyze many different malicious files (executables, document exploits, Java applets) as well as malicious websites, in Windows, OS X, Linux, and Android virtualized environments.
  • Trace API calls and the general behavior of the file.
  • Dump and analyze network traffic, even when encrypted.
  • Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.

For Linux users, use the terminal (as always). The package names below are Debian/Ubuntu ones; run the apt-get, pip and setcap commands as root or prefix them with sudo.

  • apt-get install python python-pip python-dev libffi-dev libssl-dev
  • apt-get install python-virtualenv python-setuptools
  • apt-get install libjpeg-dev zlib1g-dev swig
  • apt-get install mongodb
  • apt-get install postgresql libpq-dev
  • apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils python-libvirt
  • pip install XenAPI
  • apt-get install tcpdump
  • apt-get install libcap2-bin (provides setcap and getcap, used in the next two steps)
  • setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump (lets Cuckoo capture traffic without running tcpdump as root)
  • getcap /usr/sbin/tcpdump (expected output: /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip)
  • Install Volatility
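The setcap/getcap steps above are the ones most often done wrong (wrong path, capabilities granted as permitted-only, or the step skipped entirely), and Cuckoo then silently produces reports with no network capture. The following POSIX sh snippet is an added example, not part of the original post or of the Cuckoo project: it parses a getcap(8) output line and confirms that both cap_net_raw and cap_net_admin are present with the effective, inheritable and permitted flags set. It accepts both the older "path = caps+eip" and the newer "path caps=eip" output formats of getcap. The sample lines inside the block are constructed for illustration; the `--check` argument and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify the tcpdump
# capability prerequisite for Cuckoo without running tcpdump itself.

# caps_ok LINE
#   LINE is one line of getcap(8) output, e.g.
#     "/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip"   (older libcap)
#     "/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip"     (newer libcap)
#   Returns 0 only if cap_net_raw AND cap_net_admin are both listed and the
#   flag set contains e (effective), i (inheritable) and p (permitted).
caps_ok() {
  line=$1
  # Drop the path: first try the " = " separator of older getcap output,
  # then fall back to splitting on the first space (newer output).
  set_spec=${line#* = }
  [ "$set_spec" = "$line" ] && set_spec=${line#* }
  # Split "name,name+flags" or "name,name=flags" into names and flags.
  case $set_spec in
    *+*) names=${set_spec%%+*}; flags=${set_spec#*+} ;;
    *=*) names=${set_spec%%=*}; flags=${set_spec#*=} ;;
    *)   return 1 ;;                     # no capability set at all
  esac
  # Both capabilities must appear as whole names in the comma-separated list.
  case ",$names," in *,cap_net_raw,*)   ;; *) return 1 ;; esac
  case ",$names," in *,cap_net_admin,*) ;; *) return 1 ;; esac
  # All three flags must be set; "+ep" alone is a common mistake.
  case $flags in *e*) ;; *) return 1 ;; esac
  case $flags in *i*) ;; *) return 1 ;; esac
  case $flags in *p*) ;; *) return 1 ;; esac
  return 0
}

# check_tcpdump_caps
#   Runs getcap on the tcpdump binary found in PATH and reports the result.
#   Needs libcap2-bin installed; exits non-zero when the capabilities are
#   missing so it can be used from a provisioning script.
check_tcpdump_caps() {
  bin=$(command -v tcpdump) || { echo "tcpdump not installed" >&2; return 2; }
  out=$(getcap "$bin" 2>/dev/null)
  if caps_ok "$out"; then
    echo "ok: $out"
  else
    echo "tcpdump lacks cap_net_raw,cap_net_admin=eip (got: '${out:-nothing}')" >&2
    echo "fix: setcap cap_net_raw,cap_net_admin=eip $bin" >&2
    return 1
  fi
}

# Constructed sample lines (not real system output) showing the two outcomes.
SAMPLE_GOOD="/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip"
SAMPLE_BAD="/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+ep"

# Only touch the live system when explicitly asked: sh this-script.sh --check
if [ "${1:-}" = "--check" ]; then
  check_tcpdump_caps
fi
```

Usage: `sh check_caps.sh --check` after the setcap step; the script prints the getcap line it saw and exits 1 with the exact setcap command to run if the capabilities are absent or only partially set.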