Cuckoo
About Cuckoo Sandbox
Cuckoo Sandbox is open-source software for automating the analysis of suspicious files. It does this with custom components that monitor the behaviour of the malicious process while it runs in an isolated environment (a guest VM), so the host running Cuckoo is never the machine that executes the sample.
Installation Instructions
- apt-get install -y python python-pip python-dev libffi-dev libssl-dev
- apt-get install -y python-virtualenv python-setuptools
- apt-get install -y libjpeg-dev zlib1g-dev swig
- apt-get install -y mongodb
- apt-get install -y postgresql libpq-dev
- apt-get install -y qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils python-libvirt
- apt-get install -y tcpdump apparmor-utils
- setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
- getcap /usr/sbin/tcpdump (should print /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip; this lets the unprivileged cuckoo user capture guest traffic without running tcpdump as root)
- git clone https://github.com/volatilityfoundation/volatility.git
- cd volatility
- python setup.py install
- python -m pip install distorm3
- apt-get install -y libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd
- usermod -a -G libvirt cuckoo
- vi /etc/security/limits.conf and add the following four lines (they raise the open-file limit; they take effect at the next login, not immediately):
- * hard nofile 500000
- * soft nofile 500000
- root hard nofile 500000
- root soft nofile 500000
- vi /etc/sysctl.conf and add:
- fs.file-max = 2097152
- sysctl -p
- cat /proc/sys/fs/file-max (should print 2097152)
- pip install WeasyPrint==0.42.2
- pip install -U pip setuptools
- pip install -U cuckoo
- Note: Cuckoo 2.x runs on Python 2.7 only, and these three pip commands must use the Python 2 pip; running them inside a virtualenv (the python-virtualenv package installed above) keeps them from clashing with system packages.
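The host setup above has three steps that fail silently if they are skipped or applied in the wrong order: the tcpdump capability, the open-file limit (which only applies after a fresh login) and the fs.file-max sysctl. The following script is an added example, not part of the Cuckoo project or of the original instructions; the function names and the sample getcap lines are this example's own. It normalises both output syntaxes of getcap (older libcap prints `path = caps+flags`, libcap 2.41 and later prints `path caps=flags`) and reports each prerequisite as ok, FAIL or skip.

```shell
#!/bin/sh
# Added example (not from the Cuckoo project): post-install checks for the
# host prerequisites listed in the installation steps above.
# Function names and sample inputs are this example's own.

WANT_NOFILE=500000        # value written to /etc/security/limits.conf above
WANT_FILE_MAX=2097152     # value written to /etc/sysctl.conf above

# normalize_caps LINE
# Accepts one line of getcap output in either libcap syntax:
#   "/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip"   (libcap < 2.41)
#   "/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip"     (libcap >= 2.41)
# and prints only the capability set as "cap_net_admin,cap_net_raw+eip".
normalize_caps() {
    printf '%s\n' "$1" | sed -e 's/^[^ ]* *=* *//' -e 's/=\([a-z]*\)$/+\1/'
}

# tcpdump_caps_ok LINE -> 0 when LINE grants exactly the set from the setcap step.
# getcap lists capabilities in numeric order, so cap_net_admin comes first
# even though the setcap command above names cap_net_raw first.
tcpdump_caps_ok() {
    [ "$(normalize_caps "$1")" = "cap_net_admin,cap_net_raw+eip" ]
}

# at_least VALUE MIN -> 0 when VALUE is "unlimited" or a number >= MIN.
# Non-numeric or empty input (e.g. a missing /proc file) fails the check.
at_least() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

# report_host: run the checks against the live system and print one line each.
# Reports only; always returns 0 so it can be run from a login shell.
report_host() {
    if command -v getcap >/dev/null 2>&1; then
        if tcpdump_caps_ok "$(getcap /usr/sbin/tcpdump 2>/dev/null)"; then
            echo "ok    tcpdump has cap_net_admin,cap_net_raw+eip"
        else
            echo "FAIL  tcpdump lacks the capabilities; rerun the setcap step"
        fi
    else
        echo "skip  getcap not installed (libcap tools missing)"
    fi

    cur_nofile=$(ulimit -n)
    if at_least "$cur_nofile" "$WANT_NOFILE"; then
        echo "ok    ulimit -n is $cur_nofile"
    else
        echo "FAIL  ulimit -n is $cur_nofile; limits.conf applies at login, so log out and back in"
    fi

    if [ -r /proc/sys/fs/file-max ] && at_least "$(cat /proc/sys/fs/file-max)" "$WANT_FILE_MAX"; then
        echo "ok    fs.file-max is $(cat /proc/sys/fs/file-max)"
    else
        echo "FAIL  fs.file-max below $WANT_FILE_MAX (or unreadable); run sysctl -p"
    fi
    return 0
}

report_host
```

Run it as the cuckoo user after logging in again, since pam_limits reads limits.conf only at session start. If tcpdump has the capability but Cuckoo still reports it cannot capture, the tcpdump AppArmor profile is the usual remaining cause; apparmor-utils is installed above so that profile can be adjusted.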
Windows Guest VM
python -m pip install pip
python -m pip install Pillow
Server Startup
Start the 'initialize' VM in VirtualBox (the analysis guest; it must be running before Cuckoo can dispatch tasks to it).
Open a terminal and run 'cuckoo' to start the analysis server.
Open another terminal and submit the malware sample with 'cuckoo submit filename'.