Cuckoo

From Void-Byte

About Cuckoo Sandbox

Cuckoo Sandbox is open-source software for automating the analysis of suspicious files. To do so it uses custom components that monitor the behavior of the malicious processes while they run in an isolated environment.

https://cuckoo.sh/docs/

Installation Instructions

  1. apt-get install -y python python-pip python-dev libffi-dev libssl-dev
  2. apt-get install -y python-virtualenv python-setuptools
  3. apt-get install -y libjpeg-dev zlib1g-dev swig
  4. apt-get install -y mongodb
  5. apt-get install -y postgresql libpq-dev
  6. apt-get install -y qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils python-libvirt
  7. apt-get install -y tcpdump apparmor-utils
  8. setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
  9. getcap /usr/sbin/tcpdump
  10. git clone https://github.com/volatilityfoundation/volatility.git
  11. cd volatility
  12. python setup.py install
  13. python -m pip install distorm3
  14. apt-get install -y libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd
  15. usermod -a -G libvirt cuckoo
  16. vi /etc/security/limits.conf
    • * hard nofile 500000
    • * soft nofile 500000
    • root hard nofile 500000
    • root soft nofile 500000
  17. vi /etc/sysctl.conf
    • fs.file-max = 2097152
  18. sysctl -p
  19. cat /proc/sys/fs/file-max
  20. pip install WeasyPrint==0.42.2
  21. pip install -U pip setuptools
  22. pip install -U cuckoo
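The 22 steps above as one script, added here as an example; it is not from the Void-Byte page or the Cuckoo project. The package names and versions are the ones the page lists (the script assumes the same Ubuntu release they came from), and it assumes the 'cuckoo' user already exists, as step 15 does. Unlike the step list it verifies the two settings that matter most on a sandbox host before moving on: that tcpdump really received cap_net_raw/cap_net_admin (steps 8 and 9), and that the open-file limits took effect (steps 16 to 19). The privileged work only runs when the script is invoked with the argument `install`, so the check functions can be sourced and run on their own.

```shell
#!/usr/bin/env bash
# Added example (not the page's or Cuckoo's own code): Cuckoo host setup
# with verification of the tcpdump capabilities and file-descriptor limits.
set -eu

# Accept a getcap(8) output line and report whether tcpdump holds both
# capabilities it needs to capture without root. Older libcap prints
# "/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip", newer libcap prints
# "/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip"; both are accepted.
tcpdump_caps_ok() {
  local line="$1"
  case "$line" in
    *cap_net_admin*cap_net_raw*[=+]eip* | *cap_net_raw*cap_net_admin*[=+]eip*)
      return 0 ;;
  esac
  return 1
}

# True when the kernel's fs.file-max is at least the value set in step 17.
file_max_ok() {
  local value="$1" want=2097152
  [ "$value" -ge "$want" ]
}

# Append a line to a file unless an identical line is already there, so the
# limits.conf and sysctl.conf edits stay idempotent on a second run.
ensure_line() {
  local file="$1" line="$2"
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

install_cuckoo_host() {
  # Steps 1-7 and 14: host packages exactly as listed on the page.
  apt-get install -y python python-pip python-dev libffi-dev libssl-dev \
    python-virtualenv python-setuptools libjpeg-dev zlib1g-dev swig \
    mongodb postgresql libpq-dev \
    qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils python-libvirt \
    tcpdump apparmor-utils \
    libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd

  # Steps 8-9: grant tcpdump the capture capabilities, then confirm them.
  setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
  tcpdump_caps_ok "$(getcap /usr/sbin/tcpdump)" \
    || { echo "tcpdump did not receive cap_net_raw,cap_net_admin" >&2; return 1; }

  # Steps 10-13: Volatility for memory analysis, plus distorm3.
  git clone https://github.com/volatilityfoundation/volatility.git
  ( cd volatility && python setup.py install )
  python -m pip install distorm3

  # Step 15: the 'cuckoo' user must already exist (assumption, as on the page).
  usermod -a -G libvirt cuckoo

  # Steps 16-19: raise the open-file limits and verify the kernel took them.
  ensure_line /etc/security/limits.conf "* hard nofile 500000"
  ensure_line /etc/security/limits.conf "* soft nofile 500000"
  ensure_line /etc/security/limits.conf "root hard nofile 500000"
  ensure_line /etc/security/limits.conf "root soft nofile 500000"
  ensure_line /etc/sysctl.conf "fs.file-max = 2097152"
  sysctl -p
  file_max_ok "$(cat /proc/sys/fs/file-max)" \
    || { echo "fs.file-max is still below 2097152" >&2; return 1; }

  # Steps 20-22: pinned WeasyPrint, then Cuckoo itself.
  pip install WeasyPrint==0.42.2
  pip install -U pip setuptools
  pip install -U cuckoo
}

# Only run the privileged installer when asked explicitly:  ./setup.sh install
if [ "${1:-}" = "install" ]; then
  install_cuckoo_host
fi
```

Run it as root with `install` to perform the setup; without an argument it only defines the functions, which is what makes the capability and limit checks reusable from other scripts. The getcap check matters because a tcpdump that silently lacks cap_net_raw produces empty PCAPs for every analysis rather than an error at install time.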

Windows Guest VM

python -m pip install pip
python -m pip install Pillow

Server Startup

start the 'initialize' vm in virtualbox
open a terminal and run 'cuckoo'
open another terminal and submit the malware with 'cuckoo submit filename'