Rating: 0 out of 5 stars
0 ratings
Ebook231 pages1 hour
Cuckoo Malware Analysis
Rating: 0 out of 5 stars
()
About this ebook
This book is a step-by-step, practical tutorial for analyzing and detecting malware and performing digital investigations. This book features clear and concise guidance in an easily accessible format. Cuckoo Malware Analysis is great for anyone who wants to analyze malware through programming, networking, disassembling, forensics, and virtualization. Whether you are new to malware analysis or have some experience, this book will help you get started with Cuckoo Sandbox so you can start analysing malware effectively and efficiently.
Related to Cuckoo Malware Analysis
Related ebooks
Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks Penetration Testing Bootcamp Rating: 5 out of 5 stars5/5Kali Linux Network Scanning Cookbook - Second Edition Rating: 0 out of 5 stars0 ratingsBuilding Virtual Pentesting Labs for Advanced Penetration Testing Rating: 0 out of 5 stars0 ratingsMastering Kali Linux for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsPractical Windows Forensics Rating: 0 out of 5 stars0 ratingsCoding for Penetration Testers: Building Better Tools Rating: 0 out of 5 stars0 ratingsHands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools Rating: 0 out of 5 stars0 ratingsBurp Suite Essentials Rating: 4 out of 5 stars4/5Mobile Malware Attacks and Defense Rating: 5 out of 5 stars5/5Penetration Testing with Kali Linux: Learn Hands-on Penetration Testing Using a Process-Driven Framework (English Edition) Rating: 0 out of 5 stars0 ratingsManaged Code Rootkits: Hooking into Runtime Environments Rating: 5 out of 5 stars5/5Metasploit Bootcamp Rating: 5 out of 5 stars5/5Professional Penetration Testing: Volume 1: Creating and Learning in a Hacking Lab Rating: 4 out of 5 stars4/5Seven Deadliest Network Attacks Rating: 3 out of 5 stars3/5Kali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5Penetration Testing with BackBox Rating: 0 out of 5 stars0 ratingsNmap in the Enterprise: Your Guide to Network Scanning Rating: 0 out of 5 stars0 ratingsWireshark Network Security Rating: 3 out of 5 stars3/5Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsTargeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware Rating: 5 out of 5 stars5/5Mastering Mobile Forensics Rating: 0 out of 5 stars0 ratingsPenetration Testing with the Bash shell Rating: 0 out of 5 stars0 ratingsKali Linux Intrusion and Exploitation Cookbook Rating: 5 out of 5 stars5/5Mastering Python Forensics Rating: 4 out of 5 stars4/5Mastering Kali Linux for Web Penetration Testing Rating: 4 out of 5 stars4/5BackTrack: Testing Wireless Network Security Rating: 0 out of 5 stars0 ratings
Internet & Web For You
Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5Coding For Dummies Rating: 5 out of 5 stars5/5More Porn - Faster!: 50 Tips & Tools for Faster and More Efficient Porn Browsing Rating: 3 out of 5 stars3/5Introduction to Internet Scams and Fraud: Credit Card Theft, Work-At-Home Scams and Lottery Scams Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5The $1,000,000 Web Designer Guide: A Practical Guide for Wealth and Freedom as an Online Freelancer Rating: 5 out of 5 stars5/5The Logo Brainstorm Book: A Comprehensive Guide for Exploring Design Directions Rating: 4 out of 5 stars4/5SEO For Dummies Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Beginner's Guide To Starting An Etsy Print-On-Demand Shop Rating: 0 out of 5 stars0 ratingsTor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5How To Make Money Blogging: How I Replaced My Day-Job With My Blog and How You Can Start A Blog Today Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5The Digital Marketing Handbook: A Step-By-Step Guide to Creating Websites That Sell Rating: 5 out of 5 stars5/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5200+ Ways to Protect Your Privacy: Simple Ways to Prevent Hacks and Protect Your Privacy--On and Offline Rating: 0 out of 5 stars0 ratingsThe Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsSix Figure Blogging Blueprint Rating: 5 out of 5 stars5/5The Beginner's Affiliate Marketing Blueprint Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5How To Start A Podcast Rating: 4 out of 5 stars4/5The Internet Is Not What You Think It Is: A History, a Philosophy, a Warning Rating: 4 out of 5 stars4/5Podcasting For Dummies Rating: 4 out of 5 stars4/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5
Related podcast episodes
Bonus: Afternoon Cyber Tea: IoT-Based Infrastructures 0% found this document usefulcybersecurity maturity model certification (CMMC) (noun) [Word Notes] 0% found this document usefulCybersecurity and Hacking with Kevin Mitnick 0% found this document usefulIs enhanced hardware security the answer to ransomware? [CyberWire-X] 100% found this document usefulMobile Forensics 0% found this document usefulBlack Hat Go: Tom Steele talks Go for hackers and pentesters 0% found this document usefulOSINT, Curiosity, Creativity, & Career Pivots: A Conversation with Rae Baker 0% found this document usefulSocial Engineering works because we're human. 0% found this document usefulBig breaches (and how to avoid them): with Neil Daswani 0% found this document usefulOSINT: Who's watching you? 0% found this document usefulCyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd. 0% found this document useful
Related articles
“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive” PC Pro MagazineArticle
“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive”
Jan 6, 2022
7 min readStaying Safe In The Cloud NZBusiness and ManagementArticle
Staying Safe In The Cloud
Jul 22, 2019
4 min readWeb App Security Linux FormatArticle
Web App Security
Jun 29, 2021
8 min readEverything You May Have Wanted to Know About Ethical/Whitehat Hackers TechfastlyArticle
Everything You May Have Wanted to Know About Ethical/Whitehat Hackers
Oct 21, 2020
5 min readKRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know MacWorldArticle
KRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know
Nov 29, 2017
5 min readHacker’s Manual Maximum PCArticle
Hacker’s Manual
Mar 2, 2021
1 min readIs Your VPN Secure? How To Check For Leaks PCWorldArticle
Is Your VPN Secure? How To Check For Leaks
May 1, 2018
4 min readHacker’s Manual Linux FormatArticle
Hacker’s Manual
Nov 17, 2020
1 min readHack The Planet/Parrot Linux FormatArticle
Hack The Planet/Parrot
May 31, 2022
2 min readHack The System Linux FormatArticle
Hack The System
Dec 17, 2019
If you followed our handy guide on the previous pages, then you’ll already have augmented your Kali Light installation with Nmap, a port-scanning utility par excellence and a vital part of any pen-tester’s arsenal. As mentioned on the DVD page (there
4 min readNetwork Attacks TechLifeArticle
Network Attacks
Sep 21, 2020
Though less common than malware and social engineering, network-based attacks are still a threat to every computer and mobile user, and everyone should have at least a basic understanding of what they are and how to avoid them. So this month let’s lo
4 min readIntroducing Kali Maximum PCArticle
Introducing Kali
Mar 2, 2021
4 min readHack Your Bluetooth ComputeractiveArticle
Hack Your Bluetooth
Jun 2, 2021
4 min readWi-Fi Networks Vulnerable To New FragAttacks Linux FormatArticle
Wi-Fi Networks Vulnerable To New FragAttacks
Jun 29, 2021
1 min readPeople Are Secretly Buying Handguns On The Dark Web FuturityArticle
People Are Secretly Buying Handguns On The Dark Web
Apr 24, 2019
2 min readHow to Protect Your Small Business Against a Cyber Attack EntrepreneurArticle
How to Protect Your Small Business Against a Cyber Attack
Feb 1, 2013
8 min readHas Your Phone Been HACKED? ComputeractiveArticle
Has Your Phone Been HACKED?
Aug 3, 2022
Most problems with our smartphones, such as the screen going blank or an app failing to open, are nothing to worry about and can be fixed with a quick recharge or restart. But sometimes there are more sinister reasons for our devices misbehaving, esp
5 min readTraefik Configuration Linux FormatArticle
Traefik Configuration
Mar 10, 2020
In this tutorial we have configured Traefik using command-line switches in our Docker Compose file (the section starting command:). This is the equivalent of starting the application with a whole bunch of command options each time, and while this wou
1 min readIntroducing Kali Linux FormatArticle
Introducing Kali
Nov 17, 2020
4 min readTsurugi Linux 2019.1 Linux FormatArticle
Tsurugi Linux 2019.1
Sep 24, 2019
2 min readSocial Engineering Maximum PCArticle
Social Engineering
Oct 15, 2019
5 min readTurn Your Raspberry Pi Into A Cloud Server Linux FormatArticle
Turn Your Raspberry Pi Into A Cloud Server
Aug 24, 2021
6 min readLint Hub Linux FormatArticle
Lint Hub
Jul 27, 2021
Pylint – a comprehensive linter that focuses on standards compliance and error detection. It’s likely built into your favourite IDE. Pycodestyle (formerly known as PEP8) – focuses on validating code formatting PEPs, has some overlap with Pylint. Pyfl
1 min readHacker Distributions Linux FormatArticle
Hacker Distributions
Nov 17, 2020
1 min readBuild a Better nginx Reverse Proxy Maximum PCArticle
Build a Better nginx Reverse Proxy
Feb 4, 2020
4 min readSecure Your Servers Linux FormatArticle
Secure Your Servers
Apr 7, 2020
No matter what you do with your Linux servers you will almost certainly have SSH access to them. Indeed this might be the only access you have, so it would be wise to secure it. Naturally, you will already be using a strong password and will have alr
4 min readAll about Ethernet TechLifeArticle
All about Ethernet
Jan 11, 2021
4 min readLook Internally For New Cyber Security Employees NZBusiness and ManagementArticle
Look Internally For New Cyber Security Employees
May 27, 2019
2 min readArtificial Intelligence: The Next Step for Cybersecurity Cannabis & Tech TodayArticle
Artificial Intelligence: The Next Step for Cybersecurity
Apr 1, 2019
3 min readThe Future Of Home Networking APCArticle
The Future Of Home Networking
Feb 22, 2021
10 min read
Reviews for Cuckoo Malware Analysis
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Cuckoo Malware Analysis - Digit Oktavianto
Table of Contents
Cuckoo Malware Analysis
Credits
About the Authors
Acknowledgement
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Getting Started with Automated Malware Analysis using Cuckoo Sandbox
Malware analysis methodologies
Basic theory in Sandboxing
Malware analysis lab
Cuckoo Sandbox
Installing Cuckoo Sandbox
Hardware requirements
Preparing the host OS
Requirements
Install Python in Ubuntu
Setting up Cuckoo Sandbox in the Host OS
Preparing the Guest OS
Configuring the network
Setting up a shared folder between Host OS and Guest OS
Creating a user
Installing Cuckoo Sandbox
cuckoo.conf
processing.conf
reporting.conf
Summary
2. Using Cuckoo Sandbox to Analyze a Sample Malware
Starting Cuckoo
Submitting malware samples to Cuckoo Sandbox
Submitting a malware Word document
Submitting a malware PDF document – aleppo_plan_cercs.pdf
Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
Submitting a malicious URL – http://youtibe.com
Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
Submitting a binary file – Sality.G.exe
Memory forensic using Cuckoo Sandbox – using memory dump features
Additional memory forensic using Volatility
Using Volatility
Summary
3. Analyzing the Output of Cuckoo Sandbox
The processing module
Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
Summary
4. Reporting with Cuckoo Sandbox
Creating a built-in report in HTML format
Creating a MAEC Report
Exporting data report analysis from Cuckoo to another format
Summary
5. Tips and Tricks for Cuckoo Sandbox
Hardening Cuckoo Sandbox against VM detection
Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project
Installing Maltego
Automating e-mail attachments with Cuckoo MX
Summary
Index
Cuckoo Malware Analysis
Cuckoo Malware Analysis
Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: October 2013
Production Reference: 1091013
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78216-923-9
www.packtpub.com
Cover Image by Prashant Timappa Shetty (<sparkling.spectrum.123@gmail.com>)
Credits
Authors
Digit Oktavianto
Iqbal Muhardianto
Reviewers
Charles Lim
Ashley
Acquisition Editors
Anthony Albuquerque
Amarabha Banerjee
Kartikey Pandey
Commissioning Editor
Shaon Basu
Technical Editor
Akashdeep Kundu
Project Coordinator
Akash Poojary
Proofreader
Kelly Hutchinson
Indexer
Priya Subramani
Graphics
Ronak Dhruv
Production Coordinator
Arvindkumar Gupta
Cover Work
Arvindkumar Gupta
About the Authors
Digit Oktavianto is an IT security professional and system administrator with experience in the Linux server, network security, Security Information and Event Management (SIEM), vulnerability assesment, penetration testing, intrusion analysis, incident response and incident handling, security hardening, PCI-DSS, and system administration.
He has good experience in Managed Security Services (MSS) projects, Security Operation Centre, operating and maintaining SIEM tools, configuring and setup of IDS/IPS, Firewall, Antivirus, Operating Systems, and Applications.
He works as an information security analyst in Noosc Global, a security consultant firm based in Indonesia. Currently, he holds CEH and GIAC Incident Handler certifications. He is very enthusiastic and has a good passion in malware analysis as his main interest for research. This book is the first book that he has written, and he plans to write more about malware analysis and incident response books.
Acknowledgement
I would like to thank Allah the God Almighty, my friend from IT Telkom, Indra Kusuma as a contributor and reviewer, and my boss and partner in Noosc Global for giving a facility for my research. I also want to thank my girlfriend, Eva, for her support and motivation in finishing this book.
I want to give you a list of names of persons to acknowledge as a gratitude for their effort in helping us in writing our book:
Chort Z. Row for the Video in Youtube (Using Cuckoobox and Volatility to analyze APT1 malware) at http://www.youtube.com/watch?v=mxGnjTlufAA, and thank you for providing Yara rules for Miniasp3 detection.
A.A. Gede Indra Kusuma from IT Telkom. Thank you for your effort in Malware Lab, and produce some resources for the book.
Jaime Blasco and Alberto Ortega from Alienvault. Thank you for providing Yara rules for APT1 detection.
David Bressler (bostonlink) for the great effort on Cuckooforcanari Project.
Alberto Ortega from Alienvault for his post on http://www.alienvault.com/open-threat-exchange/blog/hardening-cuckoo-sandbox-against-vm-aware-malware about Hardening Cuckoo Sandbox.
Xavier Mertens (@xme) for CuckooMX Project at http://blog.rootshell.be/2012/06/20/cuckoomx-automating-email-attachments-scanning-with-cuckoo/
All Cuckoo Sandbox Developers and founder: Claudio "nex Guarnieri, Mark Schloesser, Alessandro
jekil" Tanasi, and Jurriaan Bremer. Thank you very much for the great documentation on http://docs.cuckoosandbox.org/en/latest/.
Mila Parkour from http://contagiodump.blogspot.com. Thank you for providing a lot of information about malware samples.
http://virusshare.com/ and http://virusshare.com/ for providing us APT1 malware sample.
Iqbal Muhardianto is a security enthusiast and he is working in the Ministry of Foreign Affairs of the Republic of Indonesia. He loves breaking things apart just to know how it works. In his computer learning career, he first started with learning MS-DOS and some C programming, after being a System admin, Network Admin, and now he is a IT Security Administrator with some skills in Linux, Windows, Network, SIEM, Malware Analysis, and Pentesting.
He currently lives Norway and works as an IT Staff in the Indonesia Embassy in Oslo.
I would like to thank Allah the God Almighty, my parents and family, my friend Digit Oktavianto for inviting me to write this book, and my colleagues for their support and inspiration.
About the Reviewers
Charles Lim is a lecturer and researcher of Swiss German University. He has extensive IT consulting experiences before joining Swiss German University in 2007. His current research interests are Malware, Web Security, Vulnerability Analysis, Digital Forensics, Intrusion Detection, and Cloud Security. He has helped the Indonesia Ministry of Communication and Informatics create a web security assessment and data center regulation.
He is currently leading the Indonesia Chapter of Honeynet Project and is also a member of the Indonesia Academy Computer Security Incident Response Team and Cloud Security Alliance—Indonesia Chapter.
He is a regular contributor to the Indonesia CISO (Chief Information Security Officer) Magazine and also an editor and technical editor of IAES Journal.
I would like to thank Packt Publishing for giving me the opportunity to review the content of this book.
Ashley has a vision to make Mauritius a free and safe Intelligent Island in-line with the vision of the Government of Mauritius. He has completed his Bachelor in Science in Computing from Greenwich University, UK, and his Masters in Science from the University of Technology in Mauritius in Computer Security and Forensics, where he has topped. He has shouldered important positions in Mauritius and is currently a senior lecturer and
Enjoying the preview?
Page 1 of 1