How To Install Cuckoo Sandbox In Windows
Setting up Cuckoo Sandbox: Step by Step Guide (Malware Analysis Tool)
Introduction
I thought of writing this article because the setup procedure of Cuckoo is complex and it took me a lot of time to set it up. I wanted to help others avoid these problems, because there aren't many guides that are accurate and up to date.
Cuckoo is an open-source automated malware analysis tool which allows you to analyze many different malicious files that target different operating systems such as Windows, Linux, macOS, and Android.
As some of you know, there are two types of malware analysis:
1. Static malware analysis — Analyzing malware without actually running it. It considers features such as file name, MD5 checksums or hashes, file type, file size, and recognition by antivirus detection tools.
2. Dynamic malware analysis — Analyzing malware by actually running it and observing its behavior, such as API calls, memory usage, network traffic, etc. (Cuckoo is a dynamic malware analysis tool.)
What is Sandboxing?
In computer security, we run unknown, untested or untrusted programs or code in virtual environments without putting our host machine or operating system at risk. This is called sandboxing. Cuckoo gives us the facility to run an unknown and untrusted application or file inside an isolated environment and analyze its behavior.
Setting up the host machine
My host machine is Ubuntu 18.04 with 16GB of RAM. I strongly advise you to use a Linux machine as the host machine. Before installing Cuckoo on the host machine, it is required to install some Python libraries and software packages. Also, take note that Python 2.7 is required to run Cuckoo. (Cuckoo does not support older versions of Python or Python 3.)
- Update the package information and download available updates.
sudo apt-get update
sudo apt-get upgrade
- Next, install the Python dependencies required for Cuckoo:
sudo apt-get install python python-pip python-dev libffi-dev libssl-dev
sudo apt-get install python-virtualenv python-setuptools
sudo apt-get install libjpeg-dev zlib1g-dev swig
- In order to use the Django-based web interface, MongoDB is required:
sudo apt-get install mongodb
- In order to use PostgreSQL as the database, PostgreSQL will have to be installed as well:
sudo apt-get install postgresql libpq-dev
The next step is to install the virtual machine software on your host machine. Cuckoo recommends using VirtualBox as the VM software. It is recommended to install VirtualBox version 5.2. You can find the distribution on this website here, or you can install it via the Ubuntu Software application.
- Install tcpdump to dump the network activity performed during the malware execution.
sudo apt-get install tcpdump
- Install M2Crypto. If you already have swig installed, running the second command is sufficient.
sudo apt-get install swig
sudo pip install m2crypto==0.24.0
After installing these packages, you can now install Cuckoo on your system. To install it, run the following commands. Or you can simply download the zip file.
sudo pip install -U pip setuptools
sudo pip install -U cuckoo
After installing Cuckoo, you have to correctly set up VirtualBox and its networking.
- You can create a "Host-Only Adapter" by running the following command:
vboxmanage hostonlyif create
This command will create the host interface vboxnet0.
- Set the IP address for the vboxnet0 interface which you created before.
vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1
Next, you can create your virtual machine in VirtualBox and install the OS. Windows 7 is recommended. After installing the OS, you have to configure the VM network adapter to "Host-Only Adapter", which is easy to do from the GUI.
After that, you need to configure IP forwarding so an internet connection gets routed from the host machine to the guest VM. Here the interface assigned to our VM is vboxnet0 and the IP address of the VM is 192.168.56.101, which is on the subnet 192.168.56.0/24. The outgoing interface which is connected to the internet is eth0. It can differ, for example when you are connected to the internet via Wi-Fi. You can find the interface which is connected to the internet with the ifconfig command. Here I'm assuming the interface connected to the internet is eth0:
sudo iptables -t nat -A POSTROUTING -o eth0 -s 192.168.56.0/24 -j MASQUERADE
sudo iptables -P FORWARD DROP
sudo iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -s 192.168.56.0/24 -j ACCEPT
sudo iptables -A FORWARD -s 192.168.56.0/24 -d 192.168.56.0/24 -j ACCEPT
sudo iptables -A FORWARD -j LOG
After executing these commands you have to enable IP forwarding in the kernel. To do that, you have to execute the following commands:
echo 1 | sudo tee -a /proc/sys/net/ipv4/ip_forward
sudo sysctl -w net.ipv4.ip_forward=1
These rules will only be valid until the next reboot. To check whether you have set up the rules correctly, you can run this command:
sudo iptables -L
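The forwarding setup above is a set of commands typed by hand, with eth0 hard-coded. As an added example (not part of the original article or of the Cuckoo project), the script below wraps the same rules in a small POSIX shell script: it derives the outgoing interface from the default route (using ip route rather than ifconfig, which is an assumption about the host), validates the guest subnet before it reaches iptables, prints the rules so they can be reviewed without root, applies them, and verifies that forwarding and the MASQUERADE rule are in place. The default subnet and VM values are the guide's.

```shell
#!/bin/sh
# Added example, not the article's or Cuckoo's own code.
# Host-side NAT/forwarding rules for the Cuckoo guest network.
# GUEST_SUBNET defaults to the subnet used in the guide (an assumption).

GUEST_SUBNET="${GUEST_SUBNET:-192.168.56.0/24}"

# Interface that carries the default route (replaces the "assume eth0" step).
default_iface() {
    ip -o route show default 2>/dev/null | awk '{print $5; exit}'
}

# Accept only a dotted-quad/prefix CIDR so a typo cannot become a broad NAT rule.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the iptables commands for OUT_IF and SUBNET, one per line, without
# running them. Order mirrors the guide: default DROP, allow return traffic,
# allow the guest subnet out and within itself, log everything else.
render_rules() {
    out_if="$1"; subnet="$2"
    cat <<EOF
iptables -t nat -A POSTROUTING -o $out_if -s $subnet -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $subnet -j ACCEPT
iptables -A FORWARD -s $subnet -d $subnet -j ACCEPT
iptables -A FORWARD -j LOG
EOF
}

# Apply the rules with sudo, stopping at the first failure, then enable
# kernel forwarding. Returns non-zero on a bad subnet or a failed rule.
apply_rules() {
    out_if="$1"; subnet="$2"
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    render_rules "$out_if" "$subnet" | sed 's/^/sudo /' | sh -e || return 1
    sudo sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Succeeds only when forwarding is on and a MASQUERADE rule exists for SUBNET.
verify_forwarding() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ] || return 1
    sudo iptables -t nat -S POSTROUTING | grep -q -- "-s $1 .*MASQUERADE"
}

# Usage: sh cuckoo-net.sh apply [outgoing-interface]
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-$(default_iface)}" "$GUEST_SUBNET" && verify_forwarding "$GUEST_SUBNET"
fi
```

Running render_rules eth0 192.168.56.0/24 shows exactly what apply_rules would execute, which is the review step worth doing before giving the guest any path to the internet. Like the hand-typed rules in the guide, these do not survive a reboot; rerun the script after restarting the host.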
Setting up the guest machine
Now you can start setting up the guest machine which has Windows 7 installed. First, configure the network adapter settings as follows:
IP Address — 192.168.56.101 (VM IP address)
Subnet Mask — 255.255.255.0
Default Gateway — 192.168.56.1 (internet accessing interface)
DNS Servers — 8.8.8.8/8.8.4.4
After changing the network configuration, you have to make the following customizations to the VM.
1. Disable Windows Update and Windows Firewall. (Image)
2. Modify User Account Control settings. (Image)
3. Install your preferred versions of Adobe Reader, Adobe Flash Player, Microsoft Office, and Java. (optional)
4. Install Python 2.7 for Windows — You can download Python 2.7 from here.
5. Copy the agent.py file from your host machine, which can be found in the ~/.cuckoo/agent directory. Put it in the Windows startup folder located at "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup". After rebooting the VM you will be able to see a terminal window opened in the VM. (You can enable drag and drop in the VirtualBox settings. Enable it only for drag and drop from host to guest.)
Change Cuckoo Software Configuration
The Cuckoo configuration files are located in the ~/.cuckoo/conf directory. You can open those files in gedit using this command:
sudo gedit cuckoo.conf
Make the following changes in the conf files.
cuckoo.conf
auxiliary.conf
virtualbox.conf
Change the parameter name to your VM name. The default name set is 'cuckoo1'.
processing.conf
reporting.conf
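The screenshots of the edited configuration files did not survive on this page, so as an added example (not from the article or the Cuckoo project) here is a small POSIX shell helper that makes the edits in place instead of by hand in gedit. The section and key names used in configure_cuckoo are those of the Cuckoo 2 default configuration files (cuckoo.conf [resultserver] ip, auxiliary.conf [sniffer] interface, virtualbox.conf [virtualbox] interface/machines and the per-VM section, reporting.conf [mongodb] enabled); the VM name, IP addresses and interface are the guide's values and are parameters here. If your VM is not called cuckoo1, the default [cuckoo1] section is renamed to match the machines entry, which is the step the guide describes as "change the parameter name to your VM name".

```shell
#!/bin/sh
# Added example, not the article's or Cuckoo's own code.
# Edits Cuckoo's ini-style conf files in place; every edit fails loudly
# if the expected section/key is missing, so a typo never goes unnoticed.

# Set KEY to VALUE inside [SECTION] of FILE. Returns 1 if KEY is not found there.
set_ini() {
    file="$1"; section="$2"; key="$3"; value="$4"
    tmp="$file.tmp.$$"
    awk -v s="$section" -v k="$key" -v v="$value" '
        /^\[/ { in_sec = ($0 == "[" s "]") }
        in_sec && match($0, "^[ \t]*" k "[ \t]*=") { print k " = " v; found = 1; next }
        { print }
        END { if (!found) exit 3 }
    ' "$file" > "$tmp" || { rm -f "$tmp"; echo "no $key in [$section] of $file" >&2; return 1; }
    mv "$tmp" "$file"
}

# Print the value of KEY inside [SECTION] of FILE (empty if absent).
get_ini() {
    awk -v s="$2" -v k="$3" '
        /^\[/ { in_sec = ($0 == "[" s "]") }
        in_sec && match($0, "^[ \t]*" k "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# Rename section header [OLD] to [NEW] in FILE (no-op if OLD == NEW).
rename_section() {
    file="$1"; tmp="$file.tmp.$$"
    awk -v o="[$2]" -v n="[$3]" '$0 == o { print n; next } { print }' "$file" > "$tmp" \
        && mv "$tmp" "$file"
}

# Apply the guide's settings. Arguments: conf dir, VM name, VM IP, host IP, host-only interface.
# Defaults are the guide's values (assumed); the conf dir defaults to ~/.cuckoo/conf.
configure_cuckoo() {
    conf="${1:-$HOME/.cuckoo/conf}"
    vm="${2:-cuckoo1}"; vm_ip="${3:-192.168.56.101}"
    host_ip="${4:-192.168.56.1}"; iface="${5:-vboxnet0}"
    set_ini "$conf/cuckoo.conf"     cuckoo       machinery virtualbox  || return 1
    set_ini "$conf/cuckoo.conf"     resultserver ip        "$host_ip"  || return 1
    set_ini "$conf/auxiliary.conf"  sniffer      enabled   yes         || return 1
    set_ini "$conf/auxiliary.conf"  sniffer      interface "$iface"    || return 1
    set_ini "$conf/virtualbox.conf" virtualbox   interface "$iface"    || return 1
    set_ini "$conf/virtualbox.conf" virtualbox   machines  "$vm"       || return 1
    rename_section "$conf/virtualbox.conf" cuckoo1 "$vm"               || return 1
    set_ini "$conf/virtualbox.conf" "$vm"        label     "$vm"       || return 1
    set_ini "$conf/virtualbox.conf" "$vm"        ip        "$vm_ip"    || return 1
    set_ini "$conf/reporting.conf"  mongodb      enabled   yes         || return 1
}

# Usage: sh cuckoo-conf.sh ~/.cuckoo/conf win7 192.168.56.101 192.168.56.1 vboxnet0
if [ "$#" -ge 1 ]; then
    configure_cuckoo "$@"
fi
```

The resultserver IP must be the host's address on the host-only network (192.168.56.1 here), because the guest agent reports back to it; pointing it at 0.0.0.0 or the internet-facing interface is the usual reason an analysis hangs at "waiting for the agent". The sniffer also needs tcpdump to be runnable without root, which the official Cuckoo documentation handles by granting it cap_net_raw and cap_net_admin with setcap.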
Now that you have finished configuring, you can start Cuckoo.
Analyzing using Cuckoo
Run the following commands to start Cuckoo and the Cuckoo web interface. Run them in two separate terminal windows.
Terminal #1: cuckoo
Terminal #2: cuckoo web runserver
Then you can access the web interface by going to this address in your favorite web browser:
localhost:8000
The web interface will look similar to this when loaded:
Source: https://medium.com/@oshara.16/setting-up-cuckoo-sandbox-for-dummies-malware-analysis-3daa99e950b5