Download files using cuckoo sandbox






















This is discussed in the Cuckoo Web Interface section of this blog post. This setup guide is tested to work on a clean install of Ubuntu. We will install VirtualBox, set up a virtualenv for Python, and create a low-privilege user for Cuckoo.

Secondly, we will create a new user to run Cuckoo under. The user should be able to create network dumps during Cuckoo analyses, so we give it permission to do so:

One more step before we start: we need a Windows 7 ISO. After downloading, we have to mount the ISO to be used at a later step:

We will install VirtualBox from the VirtualBox repository, as this allows for easier upgrading to newer releases. It is important to install updates for the virtualization layer, as they might include security updates. Doing so will allow us to install the latest version of VirtualBox 5.

After the installation, we add the cuckoo user to the vboxusers group:

Before we install Cuckoo and VMCloak, the installation of multiple packages is required. These are dependencies VMCloak or Cuckoo require to function.

Now that the dependencies have been installed, we can install Cuckoo and VMCloak. Start by switching to the cuckoo user and creating a new virtualenv:

The virtualenv will allow us to install dependencies within our home directory and prevent interference with other, globally installed Python packages.

Manually installing Windows and the required software, editing registry keys, and so on is a lot of work. The following step will create the VM and automatically install Windows. This step will take approximately 15 to 20 minutes.

Once we have created snapshots of an image, it can no longer be changed. Therefore, we clone the cleanly installed base image so we can install software on the clone and snapshot that:

VMCloak supports the installation of multiple software packages. A full list of supported packages and versions can be listed:

A specific version or a serialkey can be provided by adding: package. If no version is selected, the default version will be picked. We will be installing some basic software packages:

Optional step: installing a Microsoft Office version so that Office documents can be analyzed. Office is most likely to work; some builds of higher versions of Office sometimes cause issues with the Cuckoo Monitor:

When finished installing software packages, we can create the VM snapshots. After snapshotting, it is no longer possible to change the image. Using the --count parameter, we can create multiple snapshots at once. This command will create VMs win7x64cuckoo with IPs

Cuckoo loads its configuration files, signatures, and other user-changeable files from its Cuckoo Working Directory (CWD).

We also feature the option to download such a tarball on our website. You will end up with a file Cuckoo

By cloning Cuckoo Sandbox from our official repository, you can install it from source.

After cloning, follow the steps mentioned in Development with the Python Package to start the installation.

Cuckoo Sandbox is free software that automates the task of analyzing any malicious file under Windows, macOS, Linux, and Android.

By default it is able to:

Due to Cuckoo's open source nature and extensive modular design, one may customize any aspect of the analysis environment, analysis results processing, and reporting stage.

Cuckoo provides you all the requirements to easily integrate the sandbox into your existing framework and backend in the way you want, with the format you want, and all of that without licensing requirements.


