Cuckoo Malware Analysis

Do not judge a book by its cover – so they say. Just by looking at the title, anyone who would like to go through this book will need a very strong understanding of programming and assembly language concepts – so it seems.

I've been reading this book for a few days now and my initial impression is somewhat leaning on the not so good side of things. I am trying to follow through the procedure and steps in setting up the environment. As I go through the steps and recipes, there are dependencies that needed to be installed which were not mentioned in the book. There is some syntax that needs to be updated as well, and some commands even return an error and/or the source URL needs to be updated – that could be non-trivial for some noobs.

I was eventually able to set the environment up and thought that setting up and doing your own malware analysis is indeed not for just anyone. It requires one to have a decent understanding of [various] operating systems and programming concepts – and in this case, Python. Kudos to the authors for making it as easy as possible.

The bulk of my time is focused on the installation, preparation and customization of the Cuckoo settings. Once the environment is ready – all you need is to feed it a sample that you want Cuckoo to analyze. I agree that there are free online malware analyzers (e.g. ThreatTrack) out there that will do the dirty job for you. Setting up Cuckoo will lift the limitations that those online analyzers usually impose – a subtle way of convincing you to purchase their product in order to get more. Setting up your own sandbox based on Cuckoo is more efficient and will give you a better understanding of how things are working in the back-end.

The book is divided into 5 major sections:

  1. Getting started, Installation & Essential Tweaking.
  2. Submitting Malware samples (MS Word, PDF, MS Excel, Malicious URL & binary file) for analysis
  3. Understanding Cuckoo output
  4. Cuckoo Reporting options
  5. Tips & Tricks
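Section 3 of the book covers reading Cuckoo's output. As an added illustration (not code from the book or from the Cuckoo project), here is a small triage script that summarizes a Cuckoo-style `report.json`: it pulls out the target hash, signatures at or above a severity threshold, contacted hosts, HTTP requests and dropped-file hashes. The embedded report is constructed and abbreviated, and the field layout (`signatures`, `network.hosts`, `network.domains`, `network.http`, `dropped`) is an assumption based on the Cuckoo 1.x report format; check it against the reports your own installation produces.

```python
import json
from typing import Any, Dict, List

# Constructed, abbreviated Cuckoo-style report. Not a real analysis;
# the key layout is assumed from the Cuckoo 1.x report.json format.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 42, "score": 6.4},
    "target": {
        "category": "file",
        "file": {"name": "invoice.exe", "sha256": "0" * 64},
    },
    "signatures": [
        {"name": "antivm_generic_disk", "severity": 2,
         "description": "Queries disk information, possibly to detect a VM"},
        {"name": "creates_exe", "severity": 1,
         "description": "Creates executable files on the filesystem"},
        {"name": "injection_runpe", "severity": 3,
         "description": "Executes a suspended process via RunPE"},
    ],
    "network": {
        "hosts": ["192.0.2.10", "198.51.100.7"],
        "domains": [{"domain": "update.example.net", "ip": "198.51.100.7"}],
        "http": [{"host": "update.example.net", "uri": "/gate.php",
                  "method": "POST"}],
    },
    "dropped": [
        {"name": "svchost32.exe", "sha256": "a" * 64},
    ],
})


def triage(report_json: str, min_severity: int = 2) -> Dict[str, Any]:
    """Reduce a Cuckoo-style JSON report to the indicators an analyst
    looks at first. Missing sections are tolerated (a URL analysis has
    no 'target.file', a sample with no network activity has no hosts)."""
    report = json.loads(report_json)

    target = report.get("target", {}).get("file", {})
    network = report.get("network", {})

    # Signatures at or above the threshold, most severe first.
    hits = [s for s in report.get("signatures", [])
            if s.get("severity", 0) >= min_severity]
    hits.sort(key=lambda s: s.get("severity", 0), reverse=True)

    # Contacted hosts: raw IPs plus IPs resolved from DNS lookups.
    hosts = set(network.get("hosts", []))
    hosts.update(d["ip"] for d in network.get("domains", []) if d.get("ip"))

    http = ["%s %s%s" % (r.get("method", "GET"), r.get("host", ""),
                         r.get("uri", "")) for r in network.get("http", [])]

    return {
        "task_id": report.get("info", {}).get("id"),
        "score": report.get("info", {}).get("score"),
        "target_sha256": target.get("sha256"),
        "signatures": [s["name"] for s in hits],
        "hosts": sorted(hosts),
        "domains": sorted(d["domain"] for d in network.get("domains", [])),
        "http": http,
        "dropped_sha256": [d["sha256"] for d in report.get("dropped", [])
                           if d.get("sha256")],
    }


def format_summary(summary: Dict[str, Any]) -> str:
    """Render the triage dict as a short plain-text block."""
    lines: List[str] = [
        "task %s  score %s" % (summary["task_id"], summary["score"]),
        "sha256: %s" % summary["target_sha256"],
        "signatures: %s" % ", ".join(summary["signatures"]) or "-",
        "hosts: %s" % ", ".join(summary["hosts"]),
        "domains: %s" % ", ".join(summary["domains"]),
        "http: %s" % "; ".join(summary["http"]),
        "dropped: %s" % ", ".join(summary["dropped_sha256"]),
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Against a real install, read storage/analyses/<task_id>/reports/report.json
    # (the default Cuckoo 1.x location; confirm the path on your system).
    print(format_summary(triage(SAMPLE_REPORT)))
```

The severity threshold is what makes this useful in practice: low-severity signatures (file creation, registry reads) fire on most legitimate software, so filtering to severity 2 and up gives a first cut of what is worth opening the full report for.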

There are other features in Cuckoo I am yet to explore such as memory forensics, email automation and integration with the Maltego Project!

Grab the book @ Packt Publishing
