Animesh Gupta

Installing Cuckoo - Automated Malware Analysis Tool

Download cuckoo

git clone https://github.com/cuckoosandbox/cuckoo.git

(The original post cloned over git://, a protocol GitHub no longer serves; the https URL fetches the same repository.)

Installing Python libraries

1. Install basic dependencies:

sudo dnf install python python-pip python-devel libffi-devel openssl-devel libxml2-devel libxslt-devel libjpeg-devel redhat-rpm-config

2. To use the Django-based web interface install MongoDB:

sudo dnf install mongodb

Install Virtualenv

"virtualenv is a tool to create isolated Python environments. virtualenv creates a folder which contains all the necessary executables to use the packages that a Python project would need."2

1. Install virtualenv:

pip install virtualenv

2. Create a virtual environment for a project:

cd cuckoo/

virtualenv venv

3. To begin using the virtual environment, it needs to be activated:

source venv/bin/activate

Install further dependencies

nano requirements.txt

In the editor, change six==1.90 to six==1.10, add bson==0.4.3 and distorm3==3.3.4 at the end of the file, save with Ctrl+O and exit nano with Ctrl+X.

sudo pip install -r requirements.txt
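The requirements edit above is done by hand in nano, which is easy to get wrong and impossible to repeat on a fresh clone. The script below is an added example (not part of the original post or of the Cuckoo project) that applies the same three edits with sed and grep, idempotently, and checks the result; it assumes one name==version pin per line and the pins the post names. One caveat on the next step: with sudo, pip normally resolves to the system pip rather than venv/bin/pip, so the packages land outside the virtual environment; running pip install -r requirements.txt without sudo, from inside the activated venv, keeps them where Cuckoo will look for them.

```sh
#!/bin/sh
# Added example (not from the original post): apply the requirements.txt edits
# the post makes by hand in nano, so the step is scripted and repeatable.
# Assumptions: one "name==version" pin per line; the pins below are the ones
# the post names (six==1.10, bson==0.4.3, distorm3==3.3.4).

# patch_requirements FILE
# Repins six to 1.10 and appends bson/distorm3 unless they are already listed.
patch_requirements() {
    file="$1"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Replace whatever six pin is present with the version the post asks for.
    tmp="$file.tmp"
    sed 's/^six==.*$/six==1.10/' "$file" > "$tmp" && mv "$tmp" "$file"
    # Append each extra pin only once, so re-running the function is harmless.
    for pin in bson==0.4.3 distorm3==3.3.4; do
        name="${pin%%==*}"
        grep -q "^${name}==" "$file" || printf '%s\n' "$pin" >> "$file"
    done
}

# pinned_version FILE NAME
# Prints the version pinned for NAME; exits 1 if NAME is not pinned.
pinned_version() {
    sed -n "s/^$2==//p" "$1" | head -n 1 | grep .
}

# Demo on a constructed requirements.txt (not Cuckoo's real file).
demo() {
    f=$(mktemp)
    printf 'six==1.90\nsqlalchemy==1.0.8\n' > "$f"
    patch_requirements "$f"
    patch_requirements "$f"   # second run must not duplicate any line
    echo "six is pinned to $(pinned_version "$f" six)"
    cat "$f"
    rm -f "$f"
}

demo
```

Running the script prints the patched file: six repinned, the two original lines kept, and bson and distorm3 appended exactly once even though patch_requirements ran twice.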

Install tcpdump

"In order to dump the network activity performed by the malware during execution, you'll need a network sniffer properly configured to capture the traffic and dump it to a file.

By default Cuckoo adopts tcpdump, the prominent open source solution."1 Install tcpdump:

sudo dnf install tcpdump

"Tcpdump requires root privileges, but since you don't want Cuckoo to run as root you'll have to set specific Linux capabilities to the binary:"1

sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
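If the setcap step is skipped or silently fails, Cuckoo's sniffer produces empty pcaps rather than an obvious error, so it is worth checking the capabilities on the binary before the first analysis. The script below is an added example (not from the original post or from Cuckoo) that reads getcap output and confirms both cap_net_raw and cap_net_admin are present in the effective, inheritable and permitted sets; it assumes the two output shapes libcap has used, "PATH = caps+flags" (older releases) and "PATH caps=flags" (newer releases), and the sample lines in the comments are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): verify that tcpdump carries the
# capabilities set with setcap, so Cuckoo can capture traffic without root.
# Assumed getcap output shapes (libcap prints capability names sorted):
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip     (newer libcap)

# caps_ok LINE
# Returns 0 if LINE grants cap_net_raw and cap_net_admin with flags e, i and p;
# returns 1 for an empty line (no capabilities set) or any missing piece.
caps_ok() {
    line="$1"
    # Drop the path and any " = " separator, leaving e.g. cap_net_admin,cap_net_raw+eip
    spec=$(printf '%s\n' "$line" | sed 's/^[^ ]* *=* *//')
    # Capability names sit before the + or =, the set flags after it.
    names=$(printf '%s\n' "$spec" | sed 's/[+=].*$//')
    flags=$(printf '%s\n' "$spec" | sed -n 's/^[^+=]*[+=]//p')
    for cap in cap_net_raw cap_net_admin; do
        case ",$names," in
            *",$cap,"*) ;;
            *) return 1 ;;
        esac
    done
    for f in e i p; do
        case "$flags" in
            *"$f"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# check_tcpdump
# Live check on this host: locate tcpdump and run getcap on it.
# Exit 0 = capabilities in place, 1 = missing/incomplete, 2 = tcpdump not found.
check_tcpdump() {
    bin=$(command -v tcpdump) || { echo "tcpdump not installed" >&2; return 2; }
    if caps_ok "$(getcap "$bin" 2>/dev/null)"; then
        echo "$bin: cap_net_raw and cap_net_admin set (eip)"
    else
        echo "$bin: capabilities missing; re-run the setcap command" >&2
        return 1
    fi
}

check_tcpdump
```

The parser deliberately requires all three flags: a binary with only +p would hold the capabilities without them becoming effective, and tcpdump would still fail to open the interface for an unprivileged Cuckoo user.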

Installing Volatility

"Volatility is an optional tool to do forensic analysis on memory dumps. In combination with Cuckoo, it can automatically provide additional visibility into deep modifications in the operating system as well as detect the presence of rootkit technology that escaped the monitoring domain of Cuckoo's analyzer."1

git clone https://github.com/volatilityfoundation/volatility.git

cd volatility/

chmod +x setup.py

./setup.py install

Cuckoo Configuration (Host + Guest)


Bring up VirtualBox virtual interface

VBoxManage hostonlyif create

sudo ip link set vboxnet0 up

sudo ip addr add <host-only-address>/<prefix> dev vboxnet0

(The command as posted omits the address, which ip requires. Use the address of the host-only network you created, for example VirtualBox's default 192.168.56.1/24, and point the guest's default gateway at that host address.)
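Cuckoo's machinery module talks to the guest over this interface, so a host-only interface that is down or unaddressed shows up later as an analysis timeout rather than a clear error. The script below is an added example (not part of the original post or of Cuckoo) that reads the single line printed by ip -brief addr show vboxnet0 and reports whether the interface is up with an IPv4 address; the output shape "<iface> <state> <addr/prefix> ..." is assumed, and the addresses in the comments and demo are constructed samples.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the VirtualBox host-only
# interface is up and addressed before starting Cuckoo, using the one-line
# output of "ip -brief addr show vboxnet0".
# Assumed output shape: "<iface> <state> <addr/prefix> [<addr/prefix>...]"
# Constructed sample: "vboxnet0  UP  192.168.56.1/24 fe80::800:27ff:fe00:0/64"

# hostonly_ready LINE [IFACE]
# Returns 0 if LINE reports IFACE (default vboxnet0) as UP with an IPv4 address.
hostonly_ready() {
    line="$1"
    want="${2:-vboxnet0}"
    set -- $line            # split on whitespace: iface, state, addresses...
    [ "$#" -ge 3 ] || return 1
    [ "$1" = "$want" ] || return 1
    [ "$2" = "UP" ] || return 1
    shift 2
    for addr in "$@"; do
        case "$addr" in
            # dotted-quad with prefix length; IPv6 link-local addresses do not match
            [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        esac
    done
    return 1
}

# check_live [IFACE]
# Live check on this host; needs iproute2. Exit 2 if ip(8) is not available.
check_live() {
    iface="${1:-vboxnet0}"
    command -v ip >/dev/null 2>&1 || { echo "ip(8) not found" >&2; return 2; }
    if hostonly_ready "$(ip -brief addr show "$iface" 2>/dev/null)" "$iface"; then
        echo "$iface is up and has an IPv4 address"
    else
        echo "$iface is down, missing, or has no IPv4 address" >&2
        return 1
    fi
}

check_live
```

The IPv4 requirement matters because Cuckoo's guest agent is reached over the address configured in its machinery section; an interface that only carries a link-local IPv6 address is reported as not ready.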

Running Cuckoo


Updating Cuckoo

./utils/community.py -waf


©2019 Security Unleashed | New Delhi