Into malware? Time to play in the Cuckoo Sandbox

Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it.


Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it. This is an open source malware analysis toolset. You can drop a suspicious file (or even one that is only somewhat shifty in nature) into it and it will run tests. In no time at all it will spit out a report on the nature of the file and what it tried to do, all from the relative safety of a virtualized environment.

Last month the developers posted the latest iteration of their application, version 1.1. To get an idea of the changes introduced in this iteration, have a look at the change log.

Changelog

Following is the CHANGELOG for this version:

- Added imphash to static PE analysis
- Added search for URLs in the web interface
- Added search for PE Imphash in the web interface
- Added possibility in web interface to queue to all machines
- Added filtering by behavior category in Django web interface
- Added analyzer log to Django web interface
- Added REST API to retrieve screenshots associated with a task
- Added REST API to retrieve the PCAP associated with a task
- Added database migration utility
- Added remote submission to submit.py utility
- Added small stats utility (utils/stats.py)
- Added analysis package for PowerShell scripts
- Added overlay configuration for signatures (data/signatures_overlay.json)
- Fixed bug in MAEC report
- Fixed package selection for Office documents and CPL scripts
- Fixed issue with tcpdump filters
- Fixed unhandled exception when uploading files to the analysis machines
- Fixed issues in CuckooMon that resulted in Internet Explorer crashes
- Fixed bug in CuckooMon that caused mutexes to be resolved as file paths
- Fixed bug in behavior processing module that resulted in a trailing backslash in summary's registry keys
- Multiple minor bug fixes
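Two of the entries above concern the import hash (imphash): it is now computed during static PE analysis and can be searched from the web interface. As an added illustration, and not Cuckoo's or pefile's own code, the Python below reimplements the imphash normalization rules that pefile documents (lowercase the library and function names, strip a .dll/.ocx/.sys extension, join "dll.func" entries with commas, MD5 the result) and shows why the value is a useful pivot: it ignores the case of names but not their order, so it groups builds of the same code and separates different builds. The import tables are constructed for the example; ordinal imports are rendered as "ordN" without pefile's ordinal-to-name lookup tables for ws2_32 and oleaut32, and the `group_by_imphash` helper is mine. With a real binary you would take the list from pefile's `DIRECTORY_ENTRY_IMPORT` (or just call `pe.get_imphash()`).

```python
import hashlib
from collections import defaultdict
from typing import Dict, Iterable, List, Sequence, Tuple, Union

# One import: (library name, function name or ordinal number).
ImportEntry = Tuple[str, Union[str, int]]

# Extensions dropped from the library name before hashing.
STRIPPED_SUFFIXES = (".dll", ".ocx", ".sys")


def normalize_dll(dll_name: str) -> str:
    """Lowercase the library name and drop a .dll/.ocx/.sys extension."""
    name = dll_name.lower()
    for suffix in STRIPPED_SUFFIXES:
        if name.endswith(suffix):
            return name[: -len(suffix)]
    return name


def normalize_import(dll_name: str, func: Union[str, int]) -> str:
    """Render one import as 'dll.func'; ordinal-only imports become 'ordN'
    (assumption: no ordinal-to-name table, unlike pefile)."""
    func_name = "ord%d" % func if isinstance(func, int) else func.lower()
    return "%s.%s" % (normalize_dll(dll_name), func_name)


def imphash_string(imports: Iterable[ImportEntry]) -> str:
    """The comma-joined string that gets hashed. Order is preserved on
    purpose: import order is part of the fingerprint, which is why a
    different compiler/linker layout of the same source changes the hash."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports: Sequence[ImportEntry]) -> str:
    """MD5 of the normalized import list; '' when the file imports nothing."""
    if not imports:
        return ""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def group_by_imphash(samples: Dict[str, Sequence[ImportEntry]]) -> Dict[str, List[str]]:
    """Bucket sample names by imphash, the pivot the web interface search
    exposes: samples sharing a bucket were very likely built from the same
    source with the same toolchain."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for name, imports in samples.items():
        buckets[imphash(imports)].append(name)
    return dict(buckets)


# Constructed import tables for the demonstration (not from any real sample).
SAMPLE_IMPORTS: Dict[str, List[ImportEntry]] = {
    "dropper_a.exe": [
        ("KERNEL32.DLL", "CreateFileA"),
        ("KERNEL32.DLL", "WriteFile"),
        ("WININET.dll", "InternetOpenA"),
        ("ws2_32.dll", 23),  # an import by ordinal
    ],
    # Same imports with different name casing: hashes identically.
    "dropper_a_variant.exe": [
        ("kernel32.dll", "createfilea"),
        ("kernel32.dll", "writefile"),
        ("wininet.DLL", "internetopena"),
        ("WS2_32.DLL", 23),
    ],
    # Same API set in a different order: a different build, different hash.
    "unrelated.exe": [
        ("ws2_32.dll", 23),
        ("WININET.dll", "InternetOpenA"),
        ("KERNEL32.DLL", "WriteFile"),
        ("KERNEL32.DLL", "CreateFileA"),
    ],
}


if __name__ == "__main__":
    for name, imports in SAMPLE_IMPORTS.items():
        print("%-24s %s" % (name, imphash(imports)))
    for digest, names in group_by_imphash(SAMPLE_IMPORTS).items():
        print(digest, "->", ", ".join(names))
```

Treat a shared imphash as a lead rather than a verdict: packed samples expose only the packer stub's imports, so unrelated families packed with the same tool collide, and a file with no import directory has no imphash at all.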

Not only is this a wonderful tool, it is also the underlying software that drives the malware analysis website Malwr.com.


If you have any interest in malware analysis at all, these are a couple of tools that you should absolutely try out.


(Image used under CC from .hj barraza)
