©2019 Security Unleashed | New Delhi

  • Animesh Gupta

Installing Cuckoo - Automated Malware Analysis Tool




Download Cuckoo

git clone https://github.com/cuckoosandbox/cuckoo.git

(GitHub no longer serves the unauthenticated git:// protocol, so the repository is cloned over HTTPS.)

Installing Python libraries


1. Install basic dependencies:

sudo dnf install python python-pip python-devel libffi-devel openssl-devel libxml2-devel libxslt-devel libjpeg-devel redhat-rpm-config

2. To use the Django-based web interface, install MongoDB:

sudo dnf install mongodb

Install Virtualenv


"virtualenv is a tool to create isolated Python environments. virtualenv creates a folder which contains all the necessary executables to use the packages that a Python project would need."2

1. Install virtualenv:

pip install virtualenv

2. Create a virtual environment for a project:

cd cuckoo/

virtualenv venv

3. To begin using the virtual environment, it needs to be activated:

source venv/bin/activate

Install further dependencies

nano requirements.txt

(In the editor, change six==1.90 to six==1.10, add bson==0.4.3 and distorm3==3.3.4 at the end of the file, save with Ctrl+O and exit nano with Ctrl+X.)

pip install -r requirements.txt

(Run this inside the activated virtual environment without sudo: sudo resets PATH to the system pip, so the packages would be installed into the system Python instead of into venv.)
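The same requirements.txt edits as an added example (not part of the original post), done with sed so the change is repeatable and safe to run twice; it assumes one "name==version" line per requirement, and the function names patch_requirements and pinned_version are this example's own:

```shell
#!/bin/sh
# Added example, not part of the original post: apply the requirements.txt
# edits described above with sed instead of editing by hand in nano, so the
# change is repeatable and safe to run twice. Assumes one "name==version"
# line per requirement. Function names are this example's own.
# Usage: sh patch_reqs.sh cuckoo/requirements.txt

patch_requirements() {
    req="$1"
    [ -f "$req" ] || { echo "no such file: $req" >&2; return 1; }
    # Make sure the file ends with a newline so appended pins start on
    # their own line.
    [ -z "$(tail -c1 "$req")" ] || echo >> "$req"
    # Pin six to 1.10 whatever version the file currently lists.
    sed -i 's/^six==.*$/six==1.10/' "$req"
    # Append bson and distorm3 only when they are not already pinned,
    # so a second run does not duplicate the lines.
    for pin in bson==0.4.3 distorm3==3.3.4; do
        name="${pin%%==*}"
        grep -q "^${name}==" "$req" || echo "$pin" >> "$req"
    done
}

# Print the version pinned for package $2 in requirements file $1
# (prints nothing when the package is absent); used to verify the edit.
pinned_version() {
    sed -n "s/^$2==\(.*\)\$/\1/p" "$1"
}

if [ -n "${1:-}" ]; then
    patch_requirements "$1"
    for p in six bson distorm3; do
        echo "$p==$(pinned_version "$1" "$p")"
    done
fi
```

Running the script a second time leaves the file unchanged, which is what makes it usable from a provisioning script rather than a one-off manual edit.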


Install tcpdump


"In order to dump the network activity performed by the malware during execution, you'll need a network sniffer properly configured to capture the traffic and dump it to a file.

By default Cuckoo adopts tcpdump, the prominent open source solution."1 Install tcpdump:

sudo dnf install tcpdump

"Tcpdump requires root privileges, but since you don't want Cuckoo to run as root you'll have to set specific Linux capabilities to the binary:"1

sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
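A check that the setcap step actually took, as an added example (not part of the original post): it parses the line getcap prints for the binary, accepting both the older "path = caps+flags" and the newer "path caps=flags" output formats, and reports whether cap_net_raw and cap_net_admin are in the effective and permitted sets. The sample getcap lines in the test are constructed; the function names caps_ok and check_tcpdump are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: verify that the tcpdump
# binary carries the capabilities Cuckoo needs when it runs as a non-root
# user. getcap prints a line such as
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip     (newer libcap)
# Both forms are accepted. Function names are this example's own.
# Usage: sh check_caps.sh --live [/path/to/tcpdump]

# Return 0 when the getcap line given as $1 grants cap_net_raw and
# cap_net_admin in both the Effective (e) and Permitted (p) sets.
caps_ok() {
    # Drop the path (and the optional " = ") to keep only the cap spec.
    spec=$(printf '%s\n' "$1" | sed 's/^[^ ]* *=* *//')
    have_raw=0
    have_admin=0
    # A spec is space-separated clauses of the form cap1,cap2+flags or
    # cap1,cap2=flags; the flags apply to every cap in the clause.
    for clause in $spec; do
        flags=$(printf '%s\n' "$clause" | sed 's/.*[+=]//')
        caps=$(printf '%s\n' "$clause" | sed 's/[+=][^+=]*$//')
        case "$flags" in *e*) ;; *) continue ;; esac
        case "$flags" in *p*) ;; *) continue ;; esac
        case ",$caps," in *,cap_net_raw,*) have_raw=1 ;; esac
        case ",$caps," in *,cap_net_admin,*) have_admin=1 ;; esac
    done
    [ "$have_raw" = 1 ] && [ "$have_admin" = 1 ]
}

# Live check against the installed binary (needs getcap from libcap).
check_tcpdump() {
    bin="${1:-/usr/sbin/tcpdump}"
    if ! command -v getcap >/dev/null 2>&1; then
        echo "getcap not found; install libcap to verify" >&2
        return 2
    fi
    line=$(getcap "$bin" 2>/dev/null)
    if caps_ok "$line"; then
        echo "$bin: cap_net_raw and cap_net_admin are set"
    else
        echo "$bin: capabilities missing; re-run the setcap command" >&2
        return 1
    fi
}

if [ "${1:-}" = "--live" ]; then
    check_tcpdump "${2:-}"
fi
```

Package upgrades replace the tcpdump binary and silently drop file capabilities, so this check belongs in whatever script starts Cuckoo, not only in the install notes.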


Installing Volatility


"Volatility is an optional tool to do forensic analysis on memory dumps. In combination with Cuckoo, it can automatically provide additional visibility into deep modifications in the operating system as well as detect the presence of rootkit technology that escaped the monitoring domain of Cuckoo's analyzer."1

git clone https://github.com/volatilityfoundation/volatility.git

cd volatility/

chmod +x setup.py

./setup.py install


Cuckoo Configuration (Host + Guest)


The host and guest configuration steps are covered in the Cuckoo documentation: https://cuckoo.readthedocs.io/en/0.4.1/


Bring up the VirtualBox host-only interface


VBoxManage hostonlyif create

sudo ip link set vboxnet0 up

sudo ip addr add 192.168.56.1/24 dev vboxnet0
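A sanity check for the host-only network, as an added example (not part of the original post): the guest address configured for the analysis VM must lie inside the vboxnet0 subnet set up above (192.168.56.1/24), or the agent in the guest cannot reach the host. The block also wraps the three commands above so that they can be re-run safely, since "VBoxManage hostonlyif create" makes a new interface every time it is called. The guest address 192.168.56.101 is an assumption, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check the host-only
# network before the first analysis. The guest's IP must sit in the vboxnet0
# subnet (192.168.56.1/24 from the steps above), or the guest cannot reach
# the host. The guest address 192.168.56.101 is an assumption; function
# names are this example's own.
# Usage: sh check_hostonly.sh --check 192.168.56.1/24 192.168.56.101

# Dotted-quad IPv4 address to integer.
ip2int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Return 0 when addresses $1 and $2 share the same /$3 network.
same_subnet() {
    mask=$(( 4294967296 - (1 << (32 - $3)) ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Return 0 when guest IP $2 is inside host CIDR $1 (e.g. 192.168.56.1/24)
# and is not the host address itself.
guest_ip_ok() {
    host="${1%/*}"
    bits="${1#*/}"
    [ "$2" != "$host" ] && same_subnet "$host" "$2" "$bits"
}

# Idempotent version of the three commands above: "hostonlyif create"
# makes a new interface (vboxnet1, vboxnet2, ...) each time it runs, so
# only call it when the interface is missing, and only add the address
# when it is not already present.
ensure_hostonly() {
    ifname="${1:-vboxnet0}"
    cidr="${2:-192.168.56.1/24}"
    ip link show "$ifname" >/dev/null 2>&1 || VBoxManage hostonlyif create
    sudo ip link set "$ifname" up
    ip -4 addr show "$ifname" | grep -qF "inet $cidr " \
        || sudo ip addr add "$cidr" dev "$ifname"
}

if [ "${1:-}" = "--check" ]; then
    if guest_ip_ok "${2:-192.168.56.1/24}" "${3:-192.168.56.101}"; then
        echo "guest address is inside the host-only subnet"
    else
        echo "guest address is outside the host-only subnet" >&2
        exit 1
    fi
fi
```

The host-only subnet is also where the analysis traffic is captured, so keeping it isolated from the LAN is part of the sandbox's containment, not only a connectivity detail.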


Running Cuckoo


./cuckoo.py


Updating Cuckoo


./utils/community.py -waf


