The team mentioned earlier created the Cuckoo Sandbox project so that anyone can analyze malware in their own environment.
So what does Cuckoo Sandbox actually produce?
Cuckoo Sandbox collects raw data that includes, but is not limited to:
– Traces of native function and Windows API calls
– Copies of files created by, and deleted from, the filesystem during the run
– Memory dump of the selected (analyzed) process
– Full memory dump of the analysis machine
– Screenshots of the desktop taken while the sample executes
– Network traffic dump (PCAP) captured from the analysis machine
Once the raw data has been collected, Cuckoo Sandbox lets you turn it into “end-user” reports through its reporting modules. Among the reporting outputs it currently provides are:
– MongoDB interface
– HPFeeds interface
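As an added example (not taken from the original page or from the Cuckoo project's own files), this is what switching on those two reporting modules looks like in Cuckoo's `conf/reporting.conf`. The section names and keys follow the layout of the reporting.conf shipped with Cuckoo 1.x, but releases differ, so check the key set against the file in your own checkout; the host, port, identity and secret values are placeholders, not real infrastructure.

```ini
; conf/reporting.conf (fragment) - added example, not the project's shipped file.
; Each reporting module is opt-in; the ones not listed here are left untouched.

[mongodb]
; Store the processed results in MongoDB so the web interface can query them.
enabled = yes
host = 127.0.0.1
port = 27017
db = cuckoo
; Also keep the process memory dumps from the raw data in the database
; (key name as in Cuckoo 1.x; verify it exists in your version).
store_memdump = yes

[hpfeeds]
; Publish results to an HPFeeds broker. Placeholder broker and credentials:
; replace with the values issued by the broker you actually use.
enabled = yes
host = hpfeeds.example.invalid
port = 10000
identity = cuckoo-sandbox
secret = change-me-before-use
```

Both modules are disabled in the shipped configuration. The MongoDB module additionally needs a reachable `mongod` and the `pymongo` Python package installed on the host, and the HPFeeds module needs an identity/secret pair issued by the broker operator; without those, leaving `enabled = no` is the safer choice, since a misconfigured reporting module makes the analysis fail at the reporting stage rather than silently skipping the report.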
Cuckoo Sandbox is written in Python, so you can easily read the source code and adapt it to your own needs.
My experiences with Cuckoo Sandbox
– Setting up Cuckoo Sandbox on a Virtual Private Server
– Setting up Cuckoo Sandbox in a Windows environment
– Setting up Cuckoo Sandbox on a desktop computer at home
Official Cuckoo Sandbox sources
The link above points to the Cuckoo Sandbox installation guide provided by the project's developers. The developers themselves state that it can be hard to get a Cuckoo Sandbox environment running on the first try; this installation guide aims to get you through that first attempt without the usual detours.
Installing the Cuckoo Sandbox environment
This is the part where we actually start installing the Cuckoo Sandbox environment.
First of all, let’s make sure we are working from the same environment:
Environment for the Cuckoo Sandbox project
For this tutorial, I chose to install the project on an old computer that had been gathering dust.
The computer has the following specs:
– AMD quad-core processor (desktop)