Into Malware? Time to Play in the Cuckoo Sandbox

Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it. Cuckoo is an open source malware analysis toolset: you drop a suspicious file (or one that merely looks shifty) into it, it detonates the sample inside an isolated virtual machine and records what the sample does, and in no time at all it spits out a report on the nature of the file and what it tried to do, all from the relative safety of a virtualized environment.

Last month the developers posted the latest iteration of their application, version 1.1. To get an idea of the changes introduced in this release, have a look at the changelog.

Changelog

Following is the CHANGELOG for this version:

- Added imphash to static PE analysis
- Added search for URLs in the web interface
- Added search for PE imphash in the web interface
- Added possibility in web interface to queue to all machines
- Added filtering by behavior category in Django web interface
- Added analyzer log to Django web interface
- Added REST API to retrieve screenshots associated with a task
- Added REST API to retrieve the PCAP associated with a task
- Added database migration utility
- Added remote submission to submit.py utility
- Added small stats utility (utils/stats.py)
- Added analysis package for PowerShell scripts
- Added overlay configuration for signatures (data/signatures_overlay.json)
- Fixed bug in MAEC report
- Fixed package selection for Office documents and CPL scripts
- Fixed issue with tcpdump filters
- Fixed unhandled exception when uploading files to the analysis machines
- Fixed issues in CuckooMon that resulted in Internet Explorer crashes
- Fixed bug in CuckooMon that caused mutexes to be resolved as file paths
- Fixed bug in behavior processing module that resulted in a trailing backslash in summary's registry keys
- Multiple minor bug fixes
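The first entry in that list, imphash in the static PE analysis, is the one most useful for pivoting between samples, so here is what is actually being computed. The following is an added example written for this page, not code from the Cuckoo project: it re-implements the import hash algorithm that pefile's `PE.get_imphash()` uses (the Mandiant definition Cuckoo relies on) over a plain Python list of imports, so it runs without pefile or a real PE file. The import tables and the ws2_32 ordinal table below are constructed for the example; the ordinal table is a deliberately partial copy of the well-known mapping, and any ordinal it does not know falls back to `ordN`, exactly as pefile does.

```python
"""Import hash (imphash) as used in Cuckoo's static PE analysis.

Added example, not Cuckoo project code. Algorithm (pefile.PE.get_imphash):
  - library name lower-cased, with a trailing .dll/.ocx/.sys stripped
  - function name lower-cased; imports by ordinal are resolved to a name
    via a per-DLL ordinal table, or written as "ordN" if unknown
  - "lib.func" entries joined with "," in import-table order, then MD5
"""
import hashlib

# Extensions stripped from the library name before hashing.
_STRIPPED_EXTS = {"dll", "ocx", "sys"}

# Partial ordinal->export-name table for ws2_32.dll (constructed subset for
# this example; the real table is much larger). Resolving ordinals to names
# keeps the hash stable whether the linker imported by name or by ordinal.
_WS2_32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 16: "recv",
    19: "send", 23: "socket", 52: "gethostbyaddr", 53: "gethostbyname",
    57: "gethostname", 115: "WSAStartup", 116: "WSACleanup",
}
_ORDINAL_TABLES = {"ws2_32.dll": _WS2_32_ORDINALS}


def _normalize_library(dll: str) -> str:
    """Lower-case the DLL name and drop a .dll/.ocx/.sys extension."""
    name = dll.lower()
    base, sep, ext = name.rpartition(".")
    if sep and ext in _STRIPPED_EXTS:
        return base
    return name


def _function_name(dll: str, name, ordinal) -> str:
    """Lower-cased import name; ordinal imports resolved via table or 'ordN'."""
    if name:
        return name.lower()
    table = _ORDINAL_TABLES.get(dll.lower(), {})
    return table.get(ordinal, f"ord{ordinal}").lower()


def imphash_string(imports) -> str:
    """Return the comma-joined 'lib.func' string that gets hashed.

    imports: iterable of (dll_name, function_name_or_None, ordinal_or_None)
    in the order they appear in the PE import directory.
    """
    return ",".join(
        f"{_normalize_library(dll)}.{_function_name(dll, name, ordinal)}"
        for dll, name, ordinal in imports
    )


def imphash(imports) -> str:
    """MD5 hex digest of the normalized import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import tables (not from any real sample).
SAMPLE_A = [
    ("KERNEL32.dll", "CreateFileA", None),
    ("KERNEL32.dll", "WriteFile", None),
    ("WS2_32.dll", None, 23),     # socket, imported by ordinal
    ("WS2_32.dll", None, 115),    # WSAStartup, imported by ordinal
]
# Same imports, different casing and ws2_32 imported by name: same hash.
SAMPLE_A_RECASED = [
    ("kernel32.DLL", "createfilea", None),
    ("kernel32.DLL", "writefile", None),
    ("ws2_32.dll", "socket", None),
    ("ws2_32.dll", "WSAStartup", None),
]
# Same functions, two imports swapped: different hash (order matters).
SAMPLE_A_REORDERED = [SAMPLE_A[1], SAMPLE_A[0], SAMPLE_A[2], SAMPLE_A[3]]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_A))
    print("A        ", imphash(SAMPLE_A))
    print("recased  ", imphash(SAMPLE_A_RECASED))
    print("reordered", imphash(SAMPLE_A_REORDERED))
```

Because the hash covers the order of the import table as well as its contents, samples built from the same source with the same toolchain share an imphash even when the rest of the binary is repacked or re-signed, which is why the new imphash search in the web interface is handy for clustering. The flip side is that a different linker, a dropped import or a trivially shuffled table produces a new value, so treat imphash as a triage pivot rather than a detection signature.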

Not only is this a wonderful tool in its own right, it is also the software that drives the malware analysis website Malwr.com.

If you have any interest in malware analysis at all, these are two tools that you should absolutely try out.

This story, "Into Malware? Time to Play in the Cuckoo Sandbox" was originally published by CSO.
