Into malware? Time to play in the Cuckoo Sandbox

Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it. Cuckoo is an open source malware analysis toolset: you drop a suspicious file (or even one that is merely somewhat shifty in nature) into it, and it executes the file inside an isolated virtual machine while recording what it does. In no time at all it spits out a report describing the nature of the file and what it tried to do, all from the relative safety of a virtualized environment.

Last month the developers posted the latest iteration of their application, version 1.1. To get an idea of the changes that have been introduced in this iteration have a look at the change log.


Following is the CHANGELOG for this version:

- Added imphash to static PE analysis
- Added search for URLs in the web interface
- Added search for PE Imphash in the web interface
- Added possibility in web interface to queue to all machines
- Added filtering by behavior category in Django web interface
- Added analyzer log to Django web interface
- Added REST API to retrieve screenshots associated with a task
- Added REST API to retrieve the PCAP associated with a task
- Added database migration utility
- Added remote submission to utility
- Added small stats utility (utils/
- Added analysis package for PowerShell scripts
- Added overlay configuration for signatures (data/signatures_overlay.json)
- Fixed bug in MAEC report
- Fixed package selection for Office documents and CPL scripts
- Fixed issue with tcpdump filters
- Fixed unhandled exception when uploading files to the analysis machines
- Fixed issues in CuckooMon that resulted in Internet Explorer crashes
- Fixed bug in CuckooMon that caused mutexes to be resolved as file paths
- Fixed bug in behavior processing module that resulted in a trailing backslash in summary's registry keys
- Multiple minor bug fixes

Not only is this a wonderful tool, it is also the underlying software that drives the malware analysis website

If you have any interest in malware analysis at all, these are a couple of tools that you should absolutely try out.

Stories by Dave Lewis